DDraceNetwork - developer

@Learath2 I was just thinking about the challenge-response scheme for game authentication (you probably working on) and I am wondering whether the ssl connection for sending credentials in a plain text mode will not be sufficient :)? As my best knowledge the last approach is commonly used for a web-app auth and it seems to be safe :). I am not familiar with a gaming staff thats why I am asking

(edited)

I think SSL would be enough as it secures connection for u

Ye I would tell the same but as I heard about some different approaches I started to think whether they are better or not

19:34

Maybe its just a case of having unsecured connection (where secured might cost a little) and protecting the data on the auth scheme level (edited)

as you are building an app you can self generate SSL certificate and then verifiy it on client-side, so you don't have to pay some CA to sign your certificate as valid

Ok, that's a good point. For web purposes it is not recommended to use them, that's why I was not thinking about them here, sorry, professional distress

i didn't want to use something prebuilt

20:10

should be as safe as TLS itself that way

20:10

and the password itself is susceptible to stupid user syndrome

gotcha your point of view

ofc it'd make heinrich5991 a whole lot happier if i just did that

Assume he will check ur solution carefully

20:17

But as you will be using some ready libs for realizing the most crucial parts like hashing, checksum calculation etc. and focusing only on combinging them to the single auth scheme the risk of having some security backdoors is not that big

20:17

And as I understood you correctly yesterday you are going to go that way

i'm kinda stealing ssh's protocol

nice

20:28

c(++), python or some different language?

probably C

20:37

He likes to invent wheel anew (edited)

You will give him back honour when his new "ssh" become a standard

(edited)

I wasn't offended him :/ (edited)

20:44

He said that, when we talked

Is the account system architecture open or close already? If this is still in the research mdoe, would it possible for example to share with the dev team some architecture of how I see this can be handled?

20:47

I was reading the ddnet forum thread about this and could't find some relevant info. (edited)

Generally, people and devs are not really enthusiastic about it. But if I understand, he want to do it by using Unique ID for each player, without depending on nickname or so.

I could read steam similar approach so you might be right (edited)

points would be connected to ID rather to Nickname. NO idea, how he want to convert points ;p

Ok, so I think I would not break any law after preparing and sharing some spec of how it can be done

20:52

from my perspective

(edited)

Yup, you can spread your idea as well

cool

20:52

will do this this week

its open topic

20:53

But, you have to remember about unhappy people, they will be against everything what is related to account system.

ye ye I know Konsti's rank is going to be endangered when ppl could not gain points for him

20:54

It was mentioned multiple times so I have it in my mind

20:54

hahaha

20:55

The only argument, which i know from him is "People dont want this, stop thinking. Stop coding man, no one wants account system" etc.

20:56

while, a lot of people actually wants or are interested in D:

ye, true observation

I think most people that don't want it just don't know how you will do it. They fear that it's all messy etc (edited)

I know, they don't want to lose their points.

exactly, they need a real assurance that their future account wont be stolen before they register and their points wont be lost

I know that, but they never thought about how to solve this.

20:58

It's always spreading the same words "Nobody wants"

20:58

"For what, its fun without accounts" bla bla bla

20:59

sometimes, I think that people stayed at 2001 or smth,.

21:00

Prefers flowing with the times, rather than staying in same position.

of course it's fun without accounts, how else did people play for the past years. but that doesn't mean that account system wouldn't be a benefit (edited)

psst

I know, without accounts you are free, blah blah

21:00

you can do anything, and nobody will question you.

Everything which is currenlty possible in game can be handled with accounts, even "points endowment". Its just the matter of including them into the plan

But in other hand, now on TeeWorlds are thousand botters. (edited)

I'm going to handle all possible scenarios in the plan... we will see how it will be received..

I will tell you

21:03

"nobody wants, NO NONO"

21:03

without arguments

it's really only a few that don't want it

I know Jao. But they are louder than anybody else

You want to present it in forum?

Should be. In my opinion

Yes

maybe make a poll then?

Or in any other place if you think will be better

I gues then it doesn't matter if Konsti writes 100 hate messages

No, forum would be great

21:07

players should know, what are we planning

Ok, it can be as a poll, but you know guys, my post should be read as a proposal not as a final though in this matter.

well you shouldn't invest too much time into this if a lot people don't even want it

Make poll, if ppl wants account system. Yes/No/I Don't Know

21:11

:p

I don't care instead of i dont know

yea