You wont understand what i said untill you answer my question: Is this persistent data for a player just on that server or for all servers?
>From: "Paul Samways" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: <[EMAIL PROTECTED]> >Subject: Re: [hlcoders] Client commands >Date: Sat, 15 Jun 2002 19:04:03 +0100 >But your argument there can be applied to anything. Yes, someone can >intercept the username and hashed password, but that can be said for pretty >much everything I log onto on the web. There's no way to prevent that >without me putting SSL code in and rewriting the database server code as >well (like I'm gonna do that). > >And what exactly do you mean by "just sending a hash of your password to >the >server isnt secure, as the server can just replay that hash and act as >you..." ?. Not sure which server you mean by 'server' and also how you >think >they'd use this to their advantage? > >----- Original Message ----- >From: "Jonah Sherman" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Saturday, June 15, 2002 6:11 PM >Subject: Re: [hlcoders] Client commands > > > > Actually, this isnt as much of a problem as you might think. ALL HL data >is > > encrypted before being sent over the network.. Are you planning on >storing > > player data for just that server or globally? If you planning on having >a > > master server store everyones info, you might want to rethink your >protocol, > > just sending a hash of your password to the server isnt secure, as the > > server can just replay that hash and act as you... > > > > > > >From: "Paul Samways" <[EMAIL PROTECTED]> > > >Reply-To: [EMAIL PROTECTED] > > >To: <[EMAIL PROTECTED]> > > >Subject: [hlcoders] Client commands > > >Date: Fri, 14 Jun 2002 18:54:21 +0100 > > >Is it possible to preprocess client commands being sent to the server > > >before > > >they're sent? > > > > > >I'd like to run an md5digest on a password argument before it flys off >over > > >the internet to the server. Is this possible? > > > > > >I was going to have players persistent info stored against AuthID, but >then > > >I realised it'd be nice to be able to log in at someone elses machine >and > > >still get your stats/score updated. So now I need some way of a player > > >entering a username/password combo and not have a plaintext password >either > > >travel across the network or be stored in a text file (which would >happen > > >if > > >I used a cvar wouldn't it?). > > > > > >Any suggestions to throw into the pot? > > > > > >Paul > > > > > >_______________________________________________ > > >To unsubscribe, edit your list preferences, or view the list archives, > > >please visit: > > >http://list.valvesoftware.com/mailman/listinfo/hlcoders > > > > > > > > > > > > > _________________________________________________________________ > > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, >please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlcoders > > > >_______________________________________________ >To unsubscribe, edit your list preferences, or view the list archives, >please visit: >http://list.valvesoftware.com/mailman/listinfo/hlcoders > _________________________________________________________________ Join the world�s largest e-mail service with MSN Hotmail. http://www.hotmail.com _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
