Security Login

[EduKrowlley]

Hi guys! Its me again!

 

I've been thinking about the login system with the server by client-side, Intersect already have some system to verify the authenticity of the client and allow (or not) the connection?

Something like we make for web systems to allow APIs to be read, like a token what must be decrypted by the server and authenticated to allow the connection.

And about the version? Something to verify if the user has the latest version of client installed?

[panda]

@EduKrowlley

This PR will automatically generate keys on build: https://github.com/AscensionGameDev/Intersect-Engine/pull/204
 

This is based on the development branch, and so if you are already basing off that you can use it by rebasing on top of the PR's branch, or wait until JC has a chance to sit down and review the PR and merge it into development.

Intersect.Utilities is effectively dead, and I won't be modifying that to manually accomplish a job that the build scripts can handle automatically.
 

It's configured such that for Release builds, keys will only be generated if the private key does not exist (public key is technically a subset of the information in the private key, so it can and will be regenerated from the private key, but not the other way around). For non-Release builds, keys will be generated each time Intersect.Network is rebuilt. Keys are stored in build/<lowercase configuration name>/keys (e.g. "build/debug/keys" or "build/release/keys").

I highly recommend each time you update the version with a breaking change in a release build that you also delete the keys so the new client/server pair has a fresh set of keys. Release build does not wipe the keys each build in case you release some bug fixes that only requires a modification to one of the executables.

[jcsnider]

There is an encryption key used so only intersect clients can make a connection. (Unless someone takes the key and uses it in another program)

 

The server and client also communicate versions and won't allow the connections if there is a mismatch. 

[EduKrowlley]

1 hour ago, jcsnider said:

There is an encryption key used so only intersect clients can make a connection. (Unless someone takes the key and uses it in another program)

 

The server and client also communicate versions and won't allow the connections if there is a mismatch. 

 

Okay, where can we change these keys on both client and server side? And how can we control these versions?

 

Another question, here on this forum, somewere I've read we have a autoupdater included, where and how can we manage this?

[jcsnider]

The versions are the project versions within the visual studio projects. You gotta change the version number on all the projects (client, server, editor, core, network, etc) and then compile.

'

The encryption keys are embedded in the client and server source. @panda made the Intersect.Utilities library to help generate keys. He can maybe describe the process of switching them out.

 

Documentation for the built in update is here:

https://docs.freemmorpgmaker.com/deploy/autoupdater.html

[EduKrowlley]

34 minutes ago, jcsnider said:

The versions are the project versions within the visual studio projects. You gotta change the version number on all the projects (client, server, editor, core, network, etc) and then compile.

'

The encryption keys are embedded in the client and server source. @panda made the Intersect.Utilities library to help generate keys. He can maybe describe the process of switching them out.

 

Documentation for the built in update is here:

https://docs.freemmorpgmaker.com/deploy/autoupdater.html

 

Very nice, thank you! Gonna wait for @panda.