[web] PHP & Simple 'Master' Server
I've been considering writing a very simple 'master server' using php in the following ways.
A website has a couple php scripts on it.
addserver.php
serverlist.php
The game server, at startup, and at regular intervals(5 minutes for example), would perform a http request like so.
http://someserver.com/addserver.php?name=Someones Server?playerlimit=12?port=xx?ip=x.x.x.x
This script would take this information and add it to a database.
Now, when clients are on the join game screen or whatever, their client does a request to serverlist.php similarly.
serverlist.php generates a formatted xml response, and in the process purges servers from the database older than the servers update interval, effectively giving the client a decent snapshot of currently running servers.
The advantage to this is that it requires no special server, any old web host could use this, and it's dead simple.
The main thing I want to get ideas on is the insecurity of the process. I'd imagine someone could easily sniff the communication and pick out the addserver url as shown above, and very easily write a script that hammers the server with random urls, polluting the server list. Obviously I could put a time limit to minimize the spamming, but still dummy servers could be added. Is there a way to encrypt the http request for a tiny bit of added security, or any php tricks that could be done, possibly as part of the url that would help the server get verified before added to the list or whatever.
I will likely be using libcurl, as I did before when I used this same simple method for server matching over the net for testing purposes.
Any additional ideas for extra security are welcome. Thanks
Yeah, can someone please awnser this??
It will be cheap solution to my server problem.
Tjaalie,
It will be cheap solution to my server problem.
Tjaalie,
Quote:Original post by DrEvil
The main thing I want to get ideas on is the insecurity of the process. I'd imagine someone could easily sniff the communication and pick out the addserver url as shown above, and very easily write a script that hammers the server with random urls, polluting the server list.
Your addserver.php should check that the server which it has been asked to add really does contain a real game server.
The game server would listen on some port, and would have a few commands - the addserver.php would check that it really existed and really responded.
This would also stop servers from being added that had been firewalled or configured incorrectly.
You could use the IP address of the client, or allow it to specify it (bear in mind that a lot of ISPs use transparent proxies (i.e. NAT outgoing HTTP to port 80)).
Quote:
Obviously I could put a time limit to minimize the spamming, but still dummy servers could be added.
Don't allow more than a small number of add requests from a given remote IP address per minute. Or hour. Or something.
Your server should also have a "cron" job or similar, which checks that all the known servers are "still there". Any that are not responding can be deleted from the list.
There should also be a "deleteserver.php" which works similarly - whereby, when a server is shutdown it could unregister itself. Of course that would provide a random key it had been given when it used addserver.php
Consider using a HTTP POST rather than a GET for these requests, there's less chance of it going wrong due to proxy behaviour.
Quote:
Is there a way to encrypt the http request for a tiny bit of added security
No point. Nobody can add a server which isn't genuinely available, as your addserver.php will check.
Mark
Sorry, forgot to mention:
I think using HTTP for this kind of application (game server list) is a really good idea, and entirely sensible.
Several other games do this, it's just the best way. There's no point in inventing some hacked-up custom protocol.
Mark
I think using HTTP for this kind of application (game server list) is a really good idea, and entirely sensible.
Several other games do this, it's just the best way. There's no point in inventing some hacked-up custom protocol.
Mark
How does a php script connect to and verify a game server? Can php on a web server connect to an arbitrary external computer?
[Edited by - DrEvil on January 9, 2006 6:50:04 PM]
[Edited by - DrEvil on January 9, 2006 6:50:04 PM]
Quote:Original post by DrEvil
How does a php script connect to and verify a game server? Can php on a web server connect to an arbitrary external computer?
Yes. But to do so over HTTP that arbitrary external computer would need a HTTP server. Ofcourse it's not too much work integrating a light-weight HTTP server in your game server. To get around firewall issues I'd suggest running that miniHTTP on the same port as the game server (which already needs to be unblocked in order to serve up the game anyway).
PHP supports sockets and can send / receive arbritary data on a TCP or UDP socket. So it could speak (a limited subset of) your game server's protocol to determine that it was online.
Putting a HTTP server on the same port as your game sounds tricky. Does that mean that your game server needs to automatically detect whether a client is using the game protocol or HTTP for each connection?
If your game uses UDP as well as TCP, you should verify that both are working, as a firewall could block one and not the other.
You might have to add a simple "are you there" type message to your server.
Mark
Putting a HTTP server on the same port as your game sounds tricky. Does that mean that your game server needs to automatically detect whether a client is using the game protocol or HTTP for each connection?
If your game uses UDP as well as TCP, you should verify that both are working, as a firewall could block one and not the other.
You might have to add a simple "are you there" type message to your server.
Mark
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement