But your argument there can be applied to anything. Yes, someone can
intercept the username and hashed password, but that can be said for pretty
much everything I log onto on the web. There's no way to prevent that
without me putting SSL code in and rewriting the database server code as
well (like I'm gonna do that).

And what exactly do you mean by "just sending a hash of your password to the
server isn't secure, as the server can just replay that hash and act as
you..."? Not sure which server you mean by 'server' and also how you think
they'd use this to their advantage?

----- Original Message -----
From: "Jonah Sherman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 15, 2002 6:11 PM
Subject: Re: [hlcoders] Client commands


> Actually, this isn't as much of a problem as you might think. ALL HL data is
> encrypted before being sent over the network. Are you planning on storing
> player data for just that server or globally? If you're planning on having a
> master server store everyone's info, you might want to rethink your protocol,
> just sending a hash of your password to the server isn't secure, as the
> server can just replay that hash and act as you...
>
>
> >From: "Paul Samways" <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: <[EMAIL PROTECTED]>
> >Subject: [hlcoders] Client commands
> >Date: Fri, 14 Jun 2002 18:54:21 +0100
> >
> >Is it possible to preprocess client commands being sent to the server before
> >they're sent?
> >
> >I'd like to run an md5digest on a password argument before it flies off over
> >the internet to the server. Is this possible?
> >
> >I was going to have players' persistent info stored against AuthID, but then
> >I realised it'd be nice to be able to log in at someone else's machine and
> >still get your stats/score updated. So now I need some way of a player
> >entering a username/password combo and not have a plaintext password either
> >travel across the network or be stored in a text file (which would happen if
> >I used a cvar wouldn't it?).
> >
> >Any suggestions to throw into the pot?
> >
> >Paul
> >
> >_______________________________________________
> >To unsubscribe, edit your list preferences, or view the list archives,
> >please visit:
> >http://list.valvesoftware.com/mailman/listinfo/hlcoders
> >
>
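
The replay concern raised in the quoted reply, shown as an added example that is not part of the original messages: a fixed `md5(password)` is accepted again when any party that saw it resends it, while a per-login nonce answered with an HMAC is not. The names `static_login`, `ChallengeServer`, `client_response` and the sample account are hypothetical, constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed account: the server keeps only md5(password), as in the thread.
STORED = {"paul": hashlib.md5(b"hunter2-sample").hexdigest()}

def static_login(user, sent_digest):
    """Scheme from the thread: the client sends md5(password) and nothing else."""
    return hmac.compare_digest(STORED.get(user, ""), sent_digest)

class ChallengeServer:
    """Hypothetical alternative: a fresh nonce per login, answered with an HMAC."""
    def __init__(self):
        self._pending = {}

    def challenge(self, user):
        self._pending[user] = secrets.token_hex(16)
        return self._pending[user]

    def verify(self, user, response):
        nonce = self._pending.pop(user, None)  # each nonce is single-use
        digest = STORED.get(user)
        if nonce is None or digest is None:
            return False
        # The stored digest is the HMAC key, so it must still be kept secret.
        expected = hmac.new(bytes.fromhex(digest), nonce.encode(), hashlib.sha256)
        return hmac.compare_digest(expected.hexdigest(), response)

def client_response(password, nonce):
    key = hashlib.md5(password).digest()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

def demo():
    # What a relay or eavesdropper records from one legitimate login.
    captured_digest = hashlib.md5(b"hunter2-sample").hexdigest()
    static_replay = static_login("paul", captured_digest)

    server = ChallengeServer()
    captured_response = client_response(b"hunter2-sample", server.challenge("paul"))
    first_use = server.verify("paul", captured_response)
    server.challenge("paul")  # a later login attempt gets a new nonce
    challenge_replay = server.verify("paul", captured_response)
    return static_replay, first_use, challenge_replay

if __name__ == "__main__":
    print(demo())
```
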
