"Knighthood", A WIP MMORPG

My website host is free.

I do know a good MySQL host that allows external connections; the problem is that my website host cannot connect to external MySQLs.

If I use client-side JavaScript, can MySQL login stuff be seen from view source?

Yeah, JS always shows up in source (only client side) unlike PHP, which is like both. I’m also pretty sure there are hosts that DO allow you to connect to external hosts as well.

I’ve looked this morning, and all hosts that do allow you to connect to external hosts are paid for.

Never ever have clients connect to your database. Never. It’s a huge security risk and if the client knows about serverside implementation (tables, column names) you lower the bar even further to either get hacked or have people figure out cunning ways to take advantage of some design flaw.

Let clients connect to your server (presumably a PHP file) and let the server make the queries. Abstraction layers are a must for server/client communication.

I know, I’m doing a PHP file that returns if username and password are legit or not. Cause clients can be decompiled very easily, I made that mistake when I was starting in Java xD

This is how it should work:

For example a user logging in:

  • Client sends server username and password (encrypted?)
  • Server makes a request to a PHP script that takes in a username and password and authenticates it
  • PHP script returns either authenticated or not authenticated to server
  • Server responds to client

You should get a host that has BOTH MySQL storage AND HTTP hosting. That way you can access the PHP scripts externally and MySQL Databases internally.

Try Zymic. They will let you do that. http://zymic.com/

That’s pretty much what I’m doing. My current host can do that though, and PHP file is ready. It returns true if user and pass are correct.

knighthood.me.pn/serverlogin.php?user=USERHERE&pass=PASSHERE

I only need to make the changes in the login server now ;D

Sending passwords in plain text is insecure. You might argue that intercepting a password for a game is no big deal, but given how often people reuse passwords, it’s really bad to expose passwords like that.

Hashing the password only adds a small amount of security. The way to go is with a simplistic version of the hash-handshake:

Registration:


         CLIENT                                   SERVER

1. request account
                 --------->
                                  2. create account & salt for account
                                  3. send account_id and account_salt back
                 <---------
4. hash(password, account_salt), send it
                 --------->
                                  5. store passhash in account

Login:


         CLIENT                                   SERVER

1. request login challenge
                 --------->
                                  2. create random data, attach it to account, send it back
                 <---------
3. hash(hash(password, account_salt), random_data), send it
                 --------->
                                  4. verify hash(passhash, random_data) == received value from user
                                  5. delete random_data, regardless of success of login attempt
                 <---------
6. user is notified login was accepted or rejected
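
The registration and login exchange above, written out with both sides in Python as an added example that is not part of the original post or the game's code. The post does not name a hash function, so PBKDF2-HMAC-SHA256 for hash(password, account_salt) and HMAC-SHA256 for the challenge response are assumptions made here, as are the class and function names.

```python
import hashlib
import hmac
import secrets


def client_passhash(password: str, salt: bytes) -> bytes:
    # hash(password, account_salt): slow, salted hash computed on the client.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def client_response(passhash: bytes, random_data: bytes) -> bytes:
    # hash(passhash, random_data): binds the reply to this one challenge.
    return hmac.new(passhash, random_data, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.accounts = {}  # account_id -> {"salt", "passhash", "challenge"}

    def create_account(self, account_id: str) -> bytes:
        # Registration steps 2-3: create the account and its salt.
        salt = secrets.token_bytes(16)
        self.accounts[account_id] = {"salt": salt, "passhash": None, "challenge": None}
        return salt

    def store_passhash(self, account_id: str, passhash: bytes) -> None:
        # Registration step 5. The stored value is password-equivalent for this
        # protocol, so the table needs the same protection as plain passwords.
        self.accounts[account_id]["passhash"] = passhash

    def login_challenge(self, account_id: str):
        # Login step 2: fresh random data attached to the account.
        account = self.accounts[account_id]
        account["challenge"] = secrets.token_bytes(32)
        return account["salt"], account["challenge"]

    def verify(self, account_id: str, response: bytes) -> bool:
        account = self.accounts[account_id]
        # Login step 5: delete the challenge first, so it is single-use
        # whether or not the attempt succeeds.
        challenge, account["challenge"] = account["challenge"], None
        if challenge is None or account["passhash"] is None:
            return False
        expected = client_response(account["passhash"], challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare
```

A captured response is useless for replay because the challenge is consumed on every attempt, but the registration message in step 4 still carries the passhash itself and needs an encrypted channel.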

Yeah, that’s how Minecraft does/did it right? I remember playing around with the protocols.

Minecraft sends user and pass to https://login.minecraft.com with no encryption though.

No, I don’t think it’s not encrypted. That’s impossibly wrong for a company like Mojang now o.O

According to their classic protocols, a salt was involved for stuffs

http://www.minecraftwiki.net/wiki/Classic_server_protocol

https://dl.dropboxusercontent.com/u/52647185/Knighthood/Pictures/Version%200.6.1/ServerGUI.png

^ Added decent GUI to server ;D

Wait up. In the logs, it says that it’s waiting for someone to connect, then you leave? o.O How can you leave if you weren’t there in the first place?

My game file was empty, so it kicked me because error. And it didn’t get my user before kicking me. So I deleted my game file and connected again xD

I decided to continue working on the game, some generous people at ChunkyHosting are hosting my website and server.
Updated links and pics in main post!

Just finished server-side inventories!
There’s a registration link and launcher download in the main post.
Let me know what you think, and give suggestions!

http://knighthood.chunkyhosting.com/images/inventory1.png

^ Server-side inventories

http://knighthood.chunkyhosting.com/images/questscripting.png

^ Server quest scripting, if anyone understands this and wants to write some quests for the game, hmu, thx

Leave quest/game suggestions if you have any, thnx!

http://knighthood.chunkyhosting.com/images/fisherhouse.png

^Fisherman’s house
