luzarius

What is the best way for a server to identify a client?

What is the best way for a server to identify a client?

a) When client first logs into the server, the server creates a temporary ID and sends it back to the client. This temporary ID is now both on the server and client. Now when the client sends packets to the server this temporary ID will be in every packet so the server will know where this packet came from.

OR

b) When client first logs into the server, the server obtains the IP address of the client. Now when the client sends packets to the server, the server will know it is user X of IP address x.x.x.x because the server identifies the user by their IP address.

OR

C) implement both solutions

OR

D) other

Please offer advice! :)

I prefer to use the MAC address from the client. If you have your program get the network hardware address you can use it as a unique ID for them. It will not change if they have to do a reboot for whatever reason.

Just my 2 cents.

theTroll

... or maybe let the user login to an account on the server?
Store each user under a specific id in the server and then use that
id (which will always be unique :)

Good to identify computers by MAC addresses, and identifying by just IP has a problem with those behind a NAT. Identifying by IP + port would probably work pretty nicely.

Problem with using a unique ID though, is you have to make sure it's different than the actual object ID [the one you use to keep track of things in the game engine, the one you'll probably send out to all the other clients], or you may find yourself in a position of having players sending packets on the behalf of other players, or even one player playing as an entire group of characters. Might be a good idea to demand a MAC address upfront during login, match it with the IP/port, use the IP/port as the actual tracker data, and for each login, check to make sure the MAC address isn't already in the table [so you don't have the problem of a single computer logging in with a bunch of characters... unless you don't mind that kinda thing].

Does the client software obtain the MAC address then send it to the server?

or

Does the server determine the client's MAC address when the client tries to log in (via TCP)?

I am using TCP.

The client determines its MAC and then during the connection process sends the MAC to the server; it then tags all of its traffic with the MAC address.

theTroll

Quote:
Original post by RDragon1
If it's a TCP connection, just use the socket. If it's UDP, use the sockaddr struct which contains the ip/port.


'nuff said.

I would use IP, port, and unique ID assigned by the server.
IP & port guarantee that you are sending to the real client.
Unique ID guarantees that you are receiving from the real client.

A client can easily send a MAC address of another player. Thus if you only identify by MAC, any malicious player can easily tap into another player's game.

How can you get the MAC address of another player? I really don't think that unless you happen to be on the same network that it is possible. MAC addresses are layer 2 so unless you are on the physical network you should not be able to see another person's MAC address.

theTroll

sockaddr+port is a pretty good start. If you want to start including cryptographic authentication, then you probably need some kind of session key and possibly a shared secret for signing each packet, as well.

Check out my article on authentication for games for more on the latter.
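
The per-packet signing with a session key mentioned in the post above, shown as an added example that is not part of the original thread or the linked article. The packet layout, the 16-byte truncated HMAC-SHA256 tag and the sequence counter used to reject replayed packets are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

SEQ = struct.Struct("!Q")   # 64-bit sequence number (assumed layout)
TAG_LEN = 16                # truncated HMAC-SHA256 tag (assumed size)


def _tag(session_key: bytes, body: bytes) -> bytes:
    return hmac.new(session_key, body, hashlib.sha256).digest()[:TAG_LEN]


def seal(session_key: bytes, seq: int, payload: bytes) -> bytes:
    """Build a packet: sequence number, payload, then a MAC over both."""
    body = SEQ.pack(seq) + payload
    return body + _tag(session_key, body)


def unseal(session_key: bytes, last_seq: int, packet: bytes):
    """Return (seq, payload) for a genuine, fresh packet, else None.

    last_seq is the highest sequence number already accepted on this
    session; anything at or below it is treated as a replay.
    """
    if len(packet) < SEQ.size + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # Verify the MAC before trusting any field, in constant time.
    if not hmac.compare_digest(tag, _tag(session_key, body)):
        return None
    (seq,) = SEQ.unpack_from(body)
    if seq <= last_seq:
        return None
    return seq, body[SEQ.size:]
```

The session key itself would be agreed during login (for example generated with `secrets.token_bytes(32)` and delivered over an encrypted channel); how that happens is outside this sketch.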

Guest Anonymous Poster
Quote:
Original post by hplus0603
sockaddr+port is a pretty good start. If you want to start including cryptographic authentication, then you probably need some kind of session key and possibly a shared secret for signing each packet, as well.

Check out my article on authentication for games for more on the latter.


That link just refers back to this page?

Quote:
Original post by snisarenko
I would use IP, port, and unique ID assigned by the server.
IP & port guarantee that you are sending to the real client.
Unique ID guarantees that you are receiving from the real client.

A client can easily send a MAC address of another player. Thus if you only identify by MAC, any malicious player can easily tap into another player's game.


What is a good unique id that is short but won't take up a lot of space in a packet?

Quote:
Original post by TheTroll
How can you get the MAC address of another player? I really don't think that unless you happen to be on the same network that it is possible. MAC addresses are layer 2 so unless you are on the physical network you should not be able to see another person's MAC address.

theTroll


I am speaking in general terms. If someone were to find out somebody's MAC address (let's say a friend of yours), then they can always use that MAC to tap into the game of that other person, if the server only identifies by MAC and does not verify IP and port.

Quote:
Original post by luzarius
Quote:
Original post by snisarenko
I would use IP, port, and unique ID assigned by the server.
IP & port guarantee that you are sending to the real client.
Unique ID guarantees that you are receiving from the real client.

A client can easily send a MAC address of another player. Thus if you only identify by MAC, any malicious player can easily tap into another player's game.


What is a good unique id that is short but won't take up a lot of space in a packet?


You could just generate a random 32-bit (4 bytes) number each time a player connects. However this is the simplest security implementation. If you want the best security follow what hplus said. However, cryptographic authentication is not really crucial for simple multiplayer games, unless it's an MMO where data is bound to each account.

snisarenko, what I am saying is that you really can't get someone's MAC address unless you are on the same physical network. That information is only used locally by layer 2 traffic.

theTroll

To identify a session, just use the socket information – with TCP that's just the socket identifier, and with UDP it's the remote IP/port combination. That makes sure that you can keep track of which session to 'run' the data on.

To identify a player, you need some info that's unique to that player. Some games use CD keys, most just have a username/password that is sent to the server, probably using basic encryption just so it's not visible to a text packet sniffer. If you're concerned about hackers stealing people's info (if your game accounts are really valuable) you can use a strong encryption on this login info. Once a client has 'logged in', that user is then tied to the session (identified by the socket details) and no further sensitive data is required.

Quote:
That link just refers back to this page?


That's weird. The link, when I edit the page, is correct:

http://www.mindcontrol.org/~hplus/authentication.html

Must be something up with the forum software.

Edit: Nah, it was just a typo of mine, that I didn't spot. Thanks everyone.

[Edited by - hplus0603 on May 1, 2006 4:08:17 PM]

You had the first one. There was no equals in it.


<a href'http://www.mindcontrol.org/~hplus/authentication.html'>article on authentication for games</a> for more on the latter.

These 2 work

<a href = 'http://www.mindcontrol.org/~hplus/authentication.html'>article on authentication for games</a> for more on the latter.

<a href = "http://www.mindcontrol.org/~hplus/authentication.html">article on authentication for games</a> for more on the latter.






article on authentication for games for more on the latter.

article on authentication for games for more on the latter.

Guest Anonymous Poster
Quote:
Original post by TheTroll
How can you get the MAC address of another player? I really don't think that unless you happen to be on the same network that it is possible. MAC addresses are layer 2 so unless you are on the physical network you should not be able to see another person's MAC address.
theTroll


Not all users have a MAC address and there are many ways to access the internet. Identifying a client can be done by its IP address and port number. Since many old routers doing NAT could change the port number of UDP transfers randomly, it's good to have a unique ID for every client in each packet. The ID can consist of an integer part, identifying the session, and a random part to prevent other clients from making false packets.

So what is needed:
- client IP address
- client port number
- client unique ID (session number and random part)

The server should check the IP address and the port number by finding the session with the key. When the port number changes because of an old NAT router, the server should correct the port number. The random key should be random enough to make it very hard to forge packets unless the attacker sees all the traffic between the client and the server. This solution provides session control, avoids NAT problems and makes it simple to find a session based on an incoming packet.

Viktor
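
A sketch of the session lookup described in the post above, added here as an example and not code from the thread. The header layout (32-bit session number plus 64-bit random part), the `SessionTable` class and the choice to reject a changed IP while accepting a changed port are assumptions of this illustration.

```python
import hmac
import secrets
import struct

NUM = struct.Struct("!I")   # 32-bit session number (assumed size)
TOKEN_LEN = 8               # 64-bit random part (assumed size)
HEADER_LEN = NUM.size + TOKEN_LEN


class SessionTable:
    def __init__(self):
        self.sessions = {}      # session number -> {"user", "token", "addr"}
        self._next = 1

    def open(self, user, addr):
        """Call after a successful login; returns the header the client
        must prefix to every packet it sends."""
        number = self._next
        self._next += 1
        token = secrets.token_bytes(TOKEN_LEN)   # CSPRNG, not random.random()
        self.sessions[number] = {"user": user, "token": token, "addr": addr}
        return NUM.pack(number) + token

    def identify(self, packet, addr):
        """Return (user, payload) for an accepted packet, else None."""
        if len(packet) < HEADER_LEN:
            return None
        (number,) = NUM.unpack_from(packet)
        session = self.sessions.get(number)
        if session is None:
            return None
        token = packet[NUM.size:HEADER_LEN]
        # Constant-time compare so timing does not leak the random part.
        if not hmac.compare_digest(token, session["token"]):
            return None
        ip, port = addr
        if ip != session["addr"][0]:
            return None                      # different host: reject
        if port != session["addr"][1]:
            session["addr"] = (ip, port)     # NAT changed the port: correct it
        return session["user"], packet[HEADER_LEN:]
```

As the post notes, the random part only stops senders who cannot observe the traffic; anyone who sees one packet can copy the header.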

For my current project, I make use of both an ID controlled by the server/client, and the IP/port of the user. Nothing revolutionary, but it works reasonably well and is fairly trivial to implement.

Guest Anonymous Poster
Quote:
Original post by luzarius
What is the best way for a server to identify a client?

a) When client first logs into the server, the server creates a temporary ID and sends it back to the client. This temporary ID is now both on the server and client. Now when the client sends packets to the server this temporary ID will be in every packet so the server will know where this packet came from.


When the client first logs in, have the client create a random RSA key pair and send the public key only to the server, which stores it in a table with the client's account name. To identify the client in the future:

Client sends account name to server.
Server picks a random number (called a nonce).
Server encrypts this with the client's public key and sends this to the client.
Client must then decrypt this with their private key and reply with the correct number.

This stops spoofing (you can't pretend to be another client just by sending a simple ID name, such as their MAC address or ID number) and replay attacks (you can't listen in on the communication and 'replay' the client response next time to spoof).

Quote:
Original post by TheTroll
snisarenko, what I am saying is that you really can't get someone's MAC address unless you are on the same physical network. That information is only used locally by layer 2 traffic.

theTroll


Read my post. I never mentioned obtaining a MAC through a WAN. I implied that you could obtain a MAC by simply running ipconfig on a friend's computer.

Obviously the best way for a profitable game to identify its clients is by social security number, checking account number, and bank pin number... obviously.
