PlasmaJohn
Joined: 04 Mar 2005 Posts: 70 Location: The Garage
Posted: Thu Oct 09, 2008 15:36 Post subject: Authentication hooks (wishlist)
patch 1.66 wrote:
> # Added new option to the nwnplayer.ini file under [Server Options] "Account validation required during Master Server down times=1" If this option is turned on, the server will track the public CD-Keys of each player logging onto the server. If the Master Server ever goes down for any reason (e.g. for scheduled maintenance) then the server will validate itself that the player name of any new player trying to connect is in fact using the same public cd-key that they last logged in with.
As many of us are aware, Master Server reliability over the last two months has been spotty (yes I'm being kind).
The above option works, but it has a significant design defect: it reads and writes values to nwnplayer.ini. I believe it also stores all of those keys into memory. If we were talking a few hundred keys, it would be tolerable but reality is closer to a few tens of thousands of keys with several hundred being used consistently. Manually maintaining that list is an unnecessary chore and even if it were pruned to the active keys, still causes significant restart lag and wastes system resources to keep them memory resident.
If possible I would like to see the in-memory keystore functions used to store a key and search for inclusion to be hooked and that the path to write them out to the nwnplayer.ini be disabled.

virusman
Joined: 30 Jan 2005 Posts: 1020 Location: Russia
Posted: Thu Oct 09, 2008 19:04 Post subject:
I can hook a login attempt event and pass all necessary parameters to a handler script.

axs
Joined: 11 Feb 2005 Posts: 76
Posted: Thu Oct 09, 2008 22:02 Post subject:
Huh, that would be nice, but also with the ability to refuse login.

FunkySwerve
Joined: 02 Jun 2005 Posts: 377
Posted: Thu Oct 09, 2008 22:42 Post subject:
We use our database for this, since it's possible to avoid Master Server authentication even when it's up - meaning you can log into someone else's account even without their password, let alone their cd key. If you're using MySQL or SQLite, the simplest solution is just to boot on login if an unauthorized key tries to log in. We allow players to add new keys to their accounts, as well - up to 7.
Funky

Jambo
Joined: 24 Sep 2008 Posts: 22
Posted: Fri Oct 10, 2008 13:05 Post subject:
That would be great to see if you can write it, virusman.
One other thing I often think may have been interesting to see (if possible) would be to hook the actual password someone entered to connect to the server and pass it to a script. It would kind of allow for using the "server password" box for any kind of authentication method we may want in the future. To give an example, it would be possible to create a server with private registrations and for every player who joins a unique server password is created for them to use.

PlasmaJohn
Joined: 04 Mar 2005 Posts: 70 Location: The Garage
Posted: Fri Oct 10, 2008 17:02 Post subject:
FunkySwerve wrote:
> We use our database for this, since it's possible to avoid Master Server authentication even when it's up - meaning you can log into someone else's account even without their password, let alone their cd key.
How? The client's authentication is advisory to the user. The server makes its own query to the Master Server and doesn't (ok, shouldn't) depend on the client. If the client's authentication matters to the server, that's a blatant security hole that needs to be reported to Bioware.
Quote:
> If you're using MySQL or SQLite, the simplest solution is just to boot on login if an unauthorized key tries to login.
I really do wish to prevent login. Bans for one, but also to keep people off the server when it's initializing.
virusman wrote:
> I can hook a login attempt event and pass all necessary parameters to a handler script.
Just as long as we can tell what the Master Server response is: yea, nay, unreachable. Any nays get refused (and maybe recorded), any yeas store the username and keys if we don't already have them. Any time the MS is unreachable, we'll just grab them from the database.
Jambo wrote:
> ... unique player server passwords ...
That's also another thing I've wanted.
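
An added illustration, not part of the thread and not NWNX or server code: the server-side check discussed in the posts above (FunkySwerve's per-account key list capped at 7, combined with PlasmaJohn's yea / nay / unreachable handling), written in Python with SQLite. The table name, the function names and the choice to refuse unknown accounts while the Master Server is unreachable are assumptions.

```python
import sqlite3
from enum import Enum

MAX_KEYS_PER_ACCOUNT = 7  # cap mentioned in the thread

class MasterServer(Enum):  # the three outcomes named in the thread
    YEA = "yea"
    NAY = "nay"
    UNREACHABLE = "unreachable"

def open_store(path=":memory:"):
    # Keys live in a database, not in nwnplayer.ini or a resident in-memory list.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS account_keys ("
               "account TEXT NOT NULL, cdkey TEXT NOT NULL, "
               "PRIMARY KEY (account, cdkey))")
    return db

def known_keys(db, account):
    rows = db.execute("SELECT cdkey FROM account_keys WHERE account = ?", (account,))
    return {row[0] for row in rows}

def add_key(db, account, cdkey):
    """Bind a public CD key to an account; False once the cap is reached."""
    keys = known_keys(db, account)
    if cdkey in keys:
        return True
    if len(keys) >= MAX_KEYS_PER_ACCOUNT:
        return False
    with db:  # commits on success
        db.execute("INSERT INTO account_keys VALUES (?, ?)", (account, cdkey))
    return True

def on_login(db, account, cdkey, ms_response):
    """Decide one login attempt; returns (allow, reason)."""
    if ms_response is MasterServer.NAY:
        return False, "master server rejected key"
    keys = known_keys(db, account)
    if not keys:
        # Assumption: fail closed for accounts never seen before an outage.
        if ms_response is MasterServer.UNREACHABLE:
            return False, "unknown account while master server unreachable"
        add_key(db, account, cdkey)  # first sighting: bind key to account
        return True, "first login, key bound"
    if cdkey in keys:
        return True, "key matches account"
    # Enforced even when the Master Server says yea.
    return False, "key not bound to this account"
```

The first key is bound on trust at first login, so an account name is only protected from the point its owner has logged in once.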

virusman
Joined: 30 Jan 2005 Posts: 1020 Location: Russia
Posted: Fri Oct 10, 2008 18:21 Post subject:
PlasmaJohn wrote:
> FunkySwerve wrote:
>> We use our database for this, since it's possible to avoid Master Server authentication even when it's up - meaning you can log into someone else's account even without their password, let alone their cd key.
> How? The client's authentication is advisory to the user. The server makes its own query to the Master Server and doesn't (ok, shouldn't) depend on the client. If the client's authentication matters to the server, that's a blatant security hole that needs to be reported to Bioware.
Yes, it does rely on client-side authorization. The server doesn't check the client's account authorization, it only validates the cd keys through master server.

FunkySwerve
Joined: 02 Jun 2005 Posts: 377
Posted: Sat Oct 11, 2008 2:37 Post subject:
PlasmaJohn wrote:
> FunkySwerve wrote:
>> We use our database for this, since it's possible to avoid Master Server authentication even when it's up - meaning you can log into someone else's account even without their password, let alone their cd key.
> How? The client's authentication is advisory to the user. The server makes its own query to the Master Server and doesn't (ok, shouldn't) depend on the client. If the client's authentication matters to the server, that's a blatant security hole that needs to be reported to Bioware.
For obvious reasons I'm not going to go into details, but it's extremely easy to do, and I've seen fairly young (or at least extremely immature) players do it to steal accounts. Using this exploit, they can log in to someone else's account, without the password, and play, unless you have serverside cdkey authentication. The Master Server authentication just doesn't hack it.
Quote:
> Quote:
>> If you're using MySQL or SQLite, the simplest solution is just to boot on login if an unauthorized key tries to login.
> I really do wish to prevent login. Bans for one, but also to keep people off the server when it's initializing.
Acaos experimented some with this, when we had some difficulty with someone logging in with deliberately corrupted characters to crash the servers. He wound up stripping first timer gear before their login hit the server instead, but maybe it's possible - I think he chose it as the simpler option, rather than the only option, but he'd have to speak to that. If he doesn't post here, you might want to pm him. It might help if you clarified the reasons why it's so important to prevent login altogether.
Funky

Jambo
Joined: 24 Sep 2008 Posts: 22
Posted: Sat Oct 11, 2008 20:30 Post subject:
If that's the case with the master server, creating a method of unique server passwords for every member may almost provide the best level of security although it would certainly come with complications (portalling between servers, security of that, etc). That is assuming it could be hooked to such a level.

FunkySwerve
Joined: 02 Jun 2005 Posts: 377
Posted: Sat Oct 11, 2008 20:42 Post subject:
We've found cd key verification to be perfectly sufficient, for the last couple years.
Funky

ShaDoOoW
Joined: 20 Aug 2005 Posts: 584
Posted: Sun Oct 12, 2008 22:40 Post subject:
FunkySwerve wrote:
> We've found cd key verification to be perfectly sufficient, for the last couple years.
> Funky
Well not me. I played on HG so I assume you setting CD-KEY in first login with given character. I used it too, because other ways are user unfriendly (like php web CD-KEY registration). Anyway, there are players that don't know about this and someday they change their CD-KEY (well let's say in my country is possible to play with cracked cdkey) they cannot log in. And then you have to do possibility to delete stored CD-KEY on char and that even more user unfriendly than web way...
_________________
Community Patch / NWNX Patch / NWNX Files / NWNX Connect

FunkySwerve
Joined: 02 Jun 2005 Posts: 377
Posted: Mon Oct 13, 2008 0:47 Post subject:
ShaDoOoW wrote:
> FunkySwerve wrote:
>> We've found cd key verification to be perfectly sufficient, for the last couple years.
>> Funky
> Well not me. I played on HG so I assume you setting CD-KEY in first login with given character. I used it too, because other ways are user unfriendly (like php web CD-KEY registration). Anyway, there are players that don't know about this and someday they change their CD-KEY (well let's say in my country is possible to play with cracked cdkey) they cannot log in. And then you have to do possibility to delete stored CD-KEY on char and that even more user unfriendly than web way...
No, users are able to add new keys from ingame - up to 7, as I said. It hasn't proven to be a problem, though we do get the infrequent forum message asking for the account's key to be cleared - which only takes a few seconds.
Funky

ShaDoOoW
Joined: 20 Aug 2005 Posts: 584
Posted: Mon Oct 13, 2008 1:36 Post subject:
FunkySwerve wrote:
> No, users are able to add new keys from ingame - up to 7, as I said. It hasn't proven to be a problem, though we do get the infrequent forum message asking for the account's key to be cleared - which only takes a few seconds.
> Funky
Misread it. And InGame didn't read it.
That's much better way than mine.

Asparius
Joined: 18 Sep 2007 Posts: 52
Posted: Mon Oct 13, 2008 18:18 Post subject:
virusman wrote:
> PlasmaJohn wrote:
>> FunkySwerve wrote:
>>> We use our database for this, since it's possible to avoid Master Server authentication even when it's up - meaning you can log into someone else's account even without their password, let alone their cd key.
>> How? The client's authentication is advisory to the user. The server makes its own query to the Master Server and doesn't (ok, shouldn't) depend on the client. If the client's authentication matters to the server, that's a blatant security hole that needs to be reported to Bioware.
> Yes, it does rely on client-side authorization. The server doesn't check the client's account authorization, it only validates the cd keys through master server.
Is it really true? I tried to cut off connections to Master Server, allowing nwmain.exe to connect only to game server. I tried to log in with false password and server has rejected it. When used true password, server allowed me to log in...

FunkySwerve
Joined: 02 Jun 2005 Posts: 377
Posted: Tue Oct 14, 2008 3:14 Post subject:
Yes, it's really true.
Funky