View previous topic :: View next topic |
Author |
Message |
Zombie
Joined: 27 Jan 2004 Posts: 295
|
Posted: Wed Aug 18, 2004 9:07 pm Post subject: GemDagger using "Password=" ? |
|
|
I read on the website that BoddaFlow's GemDagger now has security using the old password system. While it certainly aids in inventory stealing it is still possible for the password to be stolen and re-used. When the password is entered in the command line it saves it to the player's URL options string. Whenever the player joins other servers it is printed in their server console logs. So I advise not to join servers where you think the admin may try to steal your information and re-use it. Another option is to re-start Unreal with a blank "Password=" user.ini entry.
If inventory protection is starting to get popular I might try to crack into this field and write an advanced identification system which can be used for inventory stealing protection. It would spawn onto clients to gather further information and send it back to the server where it could compare with any other mod which needs it.
-Zombie |
|
Back to top |
|
|
Hyper
Joined: 24 Jan 2004 Posts: 1227 Location: Middelburg, The Netherlands
|
Posted: Wed Aug 18, 2004 9:56 pm Post subject: |
|
|
I know about this problem. That's why I advise players to NOT use a password that's identical to any other passwords, AND to change the pass from time to time. The security has it's problems (The password from the user.ini can not always be accessed for some reason) but it's certainly better than no protection at all. _________________ Alter your reality...forever.
Hyper.nl Unreal Services
unreal://hypercoop.tk |
|
Back to top |
|
|
Zombie
Joined: 27 Jan 2004 Posts: 295
|
Posted: Thu Aug 19, 2004 3:09 am Post subject: |
|
|
Hyper wrote: | I know about this problem. That's why I advise players to NOT use a password that's identical to any other passwords, AND to change the pass from time to time. |
Yea, I just caught that in between your example pictures in the instructions. The password thing should be okay if the player does the right things, but there might be easier ways that could be done with minimal or no player procedures. |
|
Back to top |
|
|
Hyper
Joined: 24 Jan 2004 Posts: 1227 Location: Middelburg, The Netherlands
|
Posted: Thu Aug 19, 2004 1:06 pm Post subject: |
|
|
Zombie wrote: | Hyper wrote: | I know about this problem. That's why I advise players to NOT use a password that's identical to any other passwords, AND to change the pass from time to time. |
Yea, I just caught that in between your example pictures in the instructions. The password thing should be okay if the player does the right things, but there might be easier ways that could be done with minimal or no player procedures. |
Easier ways, and still as effective? How? _________________ Alter your reality...forever.
Hyper.nl Unreal Services
unreal://hypercoop.tk |
|
Back to top |
|
|
Zombie
Joined: 27 Jan 2004 Posts: 295
|
Posted: Thu Aug 19, 2004 5:34 pm Post subject: |
|
|
Well, it is part of the idea of spawning an actor on the client to retrieve certain unique information and send it back to the server. That information from the client can be compared automaticaly after connection with already logged information on the server and if they don't match it will strip the player bare. This method has actually been discussed with somebody I've talked to who has contact with Booda so he might be informed and already writing something like that.
-Zombie |
|
Back to top |
|
|
Hyper
Joined: 24 Jan 2004 Posts: 1227 Location: Middelburg, The Netherlands
|
Posted: Fri Aug 20, 2004 5:55 pm Post subject: |
|
|
Zombie wrote: | Well, it is part of the idea of spawning an actor on the client to retrieve certain unique information and send it back to the server. That information from the client can be compared automaticaly after connection with already logged information on the server and if they don't match it will strip the player bare. This method has actually been discussed with somebody I've talked to who has contact with Booda so he might be informed and already writing something like that.
-Zombie |
I already suggested such an idea, with a client part which captures the needed data, and then sends it to the server part for comparison. But building it is of course a lot more difficult. _________________ Alter your reality...forever.
Hyper.nl Unreal Services
unreal://hypercoop.tk |
|
Back to top |
|
|
|