Server Security
#1

Hey guys. I made my own login/register with MySQL. I was wondering what the best way to make it secure is. Could anyone post some ideas?
Reply
#2

What do you mean?

Password hashing? Loading and saving the accounts data? Or something way more different?

Assuming that you have password hashing in mind, I suggest you use Whirlpool hashing. It's very secure, I'd even say that it's impossible to break. It has no weaknesses and there is a ready-to-use plugin, made by ****** - which you can check out over here.
Reply
#3

Yeah, things such as loading and saving. Also, thanks for the tip on Whirlpool.
Reply
#4

Well, first of all you should probably reset the player's variables when they connect and then get the player's password from the database separately. Hash the params (for a command) or input (for a dialog) when the player logs in and check if it matches the password hash in the database. If it does, load all of the data from the database and store it in variables.

As for the saving, I can't figure out any "special" ways. Just get the variables and update the database. You could take a look at CleanScript(MySQL) (assuming it still exists) made by RealCop228, or any other MySQL based scripts to get some inspiration.
Reply
#5

Could you show me some code for logging in? I used Whirlpool and hashed the password. Then when I reconnected I had it hash that password after input. But it didn't work. It said my password was wrong.
Reply
#6

Are you using dialogs? Let's assume that you are and you have already fetched the player's password from the database and stored it in a "password" variable.

Now you have to hash the input text from the dialog using Whirlpool and then you can compare it with strcmp, which is used to compare two strings to see if they are the same. If the hash matches the value of the variable you fetched from the database, load the player's data; if not, do what you have to do.

Something like that should work fine:
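pawn Code:
new hash[129]; // 128 hex characters plus the null terminator
WP_Hash(hash, sizeof(hash), inputtext);
// strcmp returns 0 when either string is empty, so an empty
// stored hash must be rejected before the comparison.
if(password[0] != '\0' && !strcmp(hash, password, true))
{
    // Load the player's data
} else {
    // Wrong password
}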
Reply
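
The register/login flow described in posts #4 and #6, as an added example that is not part of the thread or any poster's code. It is written in Python so it runs stand-alone, uses an in-memory SQLite table as a stand-in for the MySQL accounts table, and goes beyond the thread by using a per-account salt with PBKDF2 from the standard library in place of the Whirlpool plugin; the table layout, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor for this example; tune for your server
HASH_LEN = 32         # PBKDF2-HMAC-SHA256 output size in bytes

def derive(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def open_db() -> sqlite3.Connection:
    # Constructed schema: in-memory SQLite stands in for the MySQL accounts table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, salt BLOB,"
               " pw_hash BLOB, score INTEGER)")
    return db

def register(db: sqlite3.Connection, name: str, password: str) -> bool:
    if not password:
        return False  # never store a hash of an empty password
    salt = os.urandom(16)  # unique per account, stored next to the hash
    try:
        # Placeholders keep the player-supplied name out of the SQL text.
        db.execute("INSERT INTO accounts VALUES (?, ?, ?, 0)",
                   (name, salt, derive(password, salt)))
    except sqlite3.IntegrityError:
        return False  # name already registered
    return True

def login(db: sqlite3.Connection, name: str, password: str):
    """Return the account data on success, None on any failure."""
    row = db.execute("SELECT salt, pw_hash, score FROM accounts WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return None  # unknown account
    salt, stored, score = row
    # An empty or truncated stored hash must never count as a match.
    if not salt or not stored or len(stored) != HASH_LEN:
        return None
    # Hash the input with the stored salt and compare in constant time.
    if not hmac.compare_digest(derive(password, salt), stored):
        return None
    # Only now load the rest of the player's data.
    return {"name": name, "score": score}
```
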
#7

I will put it in and test it. Thanks man!
Reply