AFAIK the STEAM Account Creation Process works like this You Install your game You put your CD Key in You create a STEAM Account which then attaches THAT CD Key to your STEAM_ID You now have a legitamate STEAM Account which has several variables attached to it. STEAM_ID, Username, Password, E-mail Address, Secret Question & CD Key.
The only thing you need to now use that STEAM Account on ANY PC with STEAM installed is your STEAM Account Login & Password and you are assigned the STEAM_ID that is attached to that STEAM Account Name & Password. The STEAM_ID that everybody see's on the Server should match that persons STEAM Account & Password and it should be a simple procedure to query that STEAM Client for that particular Username and Password once a person joins a server, and if the details don't match they shouldn't have access, and one would think that a simple Valve server side challange/response like this ought to stop people who don't have legitamate rights to that STEAM_ID from playing online! The process is only slightly differenent for games purchased directly from STEAM, but still, at the time the Account is created, Valve still gets your Account Name, Password, E-mail address & Secret Question AND then THEY (Valve) assigns you a STEAM_ID to that Account. In both Cases, Valve has complete control over the assigning of STEAM_ID's to Account Name/Password/E-mail address combinations. On Sat, 18 Dec 2004 00:29:53 -0000, Graham McMaster <[EMAIL PROTECTED]> wrote: > It does, the actual Authentication appears to be done server side but if the > Server has no master servers listed then that's gotta be away around it. > Also the same with LAN servers. > > -Graham > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bruce "Bahamut" > Andrews > Sent: 18 December 2004 00:17 > To: [EMAIL PROTECTED] > Subject: Re: [hlds] When will the "nosteam" hacks be fixed? > > They are, though non-STEAM appears to bypass this connection. > > - Bruce "Bahamut" Andrews > > Whisper wrote: > > >Thats exactly what I thought! > > > > > >On Fri, 17 Dec 2004 11:09:56 -0800, Clayton Macleod > ><[EMAIL PROTECTED]> wrote: > > > > > >>forgive me if I'm wrong, but, aren't our CD keys tied to our steamid? > >>I mean, I can't go making 15 accounts and use the same CD key in all > >>of them. The second account will give an error stating that the CD key > >>has already been registered to the first account. > >> > >>On Fri, 17 Dec 2004 10:48:08 -0800, Darren J. Mason > >><[EMAIL PROTECTED]> wrote: > >> > >> > >>>CDKeys can and should be used FOR verification (since we all have them, > and > >>>the internet cafes pay for them as well). Screw SteamIDs, email addys, > and > >>>everything else. Why am I thinking that WON was a way better system than > >>>what we have now? Because Valve had a database of all our CDKEYS and it > was > >>>a hell of a lot harder to get online with a keygen'd key than it is now. > >>>Perhaps there isn't enough money left in Valve's pretty purse to run a > CDKEY > >>>verification server now???? > >>> > >>>Come on fellas - how about some communication Valve! What the heck is > going > >>>[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]&[EMAIL PROTECTED] > >>> > >>>-----Original Message----- > >>>From: [EMAIL PROTECTED] > >>>[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] > >>>Sent: Friday, December 17, 2004 10:22 AM > >>>To: [EMAIL PROTECTED] > >>>Subject: Re: [hlds] When will the "nosteam" hacks be fixed? > >>> > >>>The STEAM_ID databases are as secure as any other online database system, > >>>the problem is their identification of registering users. > >>>They use an email address to tie it to a person. > >>>The problem isn't just the abundance of free email services. There are > also > >>>temporary email services that allow you to register with them with no > >>>personal information, they give you a temporary email address to use > >>>to register for a forum/ steam id / whatever. Once you register with > >>>this address, you check the mailbox, respond to the mail in it to > confirm > >>>it is a legit address and then the account is gone a day later. > >>> > >>>Email should not be used for identification as one person can have as > many > >>>accounts as they please. > >>> > >>>CD key can't really be used as some people play from internet cafe's so > they > >>>may have loads of people registering from the same installation (unless > >>>valve did a multi user license key that cost more but allowed an > unlimited > >>>amount of users to register from it and much stronger > >>>authentication of the purchaser. This would still allow people to get > >>>another ID if they used all their own ones) Or a family PC may have > >>>several users of the same game. I suppose having a maximum of 5 users > >>>per retail CD key would be an option as there would only be a finite > number > >>>of times someone could re-register without having to part with some cash > for > >>>another copy of the game. > >>> > >>>IP address changes, so that's no use. MAC address can be changed. > >>> > >>>CPU ID, Computers have the ability to use a unique identifier on the CPU > but > >>>the bios has the ability to disable it, so that's no use. > >>> > >>>Credit card number and registered billing address. Probably th most > >>>reliable and traceable, but that limits the customer base as not > everyone > >>>has one and there is one thing companies hate doing and that is limiting > >>>their customer base, so despite this being probably the best solution, I > >>>doubt that valve will use it. > >>> > >>>Public key certificates from a trusted third party. This could work > >>>but is just moving the problem one link further back in the chain. The > >>>Certificate Authority still needs to identify a person and you would need > to > >>>ensure they couldn't register for more than one certificate per > >>>person. In the long term I see a market for selling these if several > >>>game developers used the system. It would have to be slightly > >>>different to the current CA's around as you can register for as many > >>>certificates as you are willing to pay for with the existing ones. > >>> > >>>Basically until their is an international ID card with a centrally > >>>verifiable database (around 2048 I reckon, and half life 8 will be out > then > >>>with the same problems :) ) or the implementation of the Trusted > Computer > >>>Base, it is very hard to uniquely identify a machine or user. > >>> The closest thing there is to a centrally identifiable card tied to a > >>>persons address, that is internationally recognized is a credit card. > >>> > >>>End brain dump. > >>> > >>>I'd better do some real work now :) > >>> > >>>SlyOne > >>> > >>>_______________________________________________ > >>>To unsubscribe, edit your list preferences, or view the list archives, > >>>please visit: > >>>http://list.valvesoftware.com/mailman/listinfo/hlds > >>> > >>>_______________________________________________ > >>>To unsubscribe, edit your list preferences, or view the list archives, > please visit: > >>>http://list.valvesoftware.com/mailman/listinfo/hlds > >>> > >>> > >>> > >>-- > >>Clayton Macleod > >> > >>_______________________________________________ > >>To unsubscribe, edit your list preferences, or view the list archives, > please visit: > >>http://list.valvesoftware.com/mailman/listinfo/hlds > >> > >> > >> > > > >_______________________________________________ > >To unsubscribe, edit your list preferences, or view the list archives, > please visit: > >http://list.valvesoftware.com/mailman/listinfo/hlds > > > > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
