Jump to content

  • Log In with Google      Sign In   
  • Create Account


Member Since 10 May 2009
Offline Last Active Jun 18 2013 07:44 AM

Posts I've Made

In Topic: voxeliq engine | c# & xna 4.0 voxel engine in development

25 November 2011 - 08:33 PM

I'd love to give it a whirl but the Git is missing. :(

In Topic: Transisting between proccess's

21 December 2010 - 06:48 PM

Thanks for clearing it up everyone, I ended up using a GUID as a 'random token'.

In Topic: Transisting between proccess's

21 December 2010 - 04:54 AM

Right, that was my mindset. Orginally, I had a login-server, chat server etc all trying to talk to each other. I looked at what I had, and said "Realistically speaking, I can probably intergrate the login and world into one; and probably just drop the chat server all together right now"

I'm storing MD5 passwords in the database right now, and hash them before sending them off for authentication.

So, just to make sure I'm understanding right, and I'm pretty sure I am, as you've been a great help!

Client [SwitchZoneRequest] -> ZoneServer (verifies they're on the zone line and everything is OK, sends off to WorldServer which generates a 'token', (random sessionID)

World -> Requested ZoneServer (Sends this token, saying that someone is expected to be incoming soon; to wait for them.)

World -> ZoneServer (Indiciates success, has a packet with the required port and hostname to connect to the next zone AND the token; the server can at this point then 'drop' the player from it's list and send out notifcations to surrounding entities, and persist the user into the datbase)

ZoneServer -> Client (Sends the previous packet, the client knows who to connect to now)

Client -> Requested ZoneServer (Packet with the token, the ZoneServer has been waiting and knows the user with this secret token is valid so accept them and load who they are, which could have been sent with the token... or embedded in the token somehow.)

My only key question: Can I just generate a token for the user once, and store it for them as a 'session token'? That would work, but it's pretty secure and immune to replay attacks, right?

In Topic: Transisting between proccess's

21 December 2010 - 04:18 AM

This isn't a 'commercial' server persay, so any basic cryptography should do the trick to deter *MOST* people, I would hope. I see lots of articles, but so many to go about it. I was thinking of using the users ID and current minute or hour to generate a 'key'.. but that's spoof able far too easy. I could use the password, but then that requires I store the users password in memory, isn't that dangerous too? :/

In Topic: Transisting between proccess's

21 December 2010 - 03:55 AM

How would I generate these tokens and validate them? Pseudo-code is fine, but I've never implemented something like that before.