Sign in to follow this  
akaedis

Player Authenticator

Recommended Posts

Well after hearing of a 2nd WU Player authentication breach, i think it's time someone made a Player Authenticator that makes it so when you join the server that has this mod on it, you can set a password for the character and if its typed incorrectly, it kicks you. If typed correctly, it let's you see your inventory, move, interact, talk on the server, etc. 

 

Perhaps use the method of not rendering the world/interacting with first joining a server/character creation? i dunno, just spitting idea's here

Share this post


Link to post
Share on other sites

I have written a potential fix for it. I'm not 100% certain it will work, but at least it's a start.

Sindusk Server Tweaks

Graham and Jonneh from the original Wyvern server wrote this fix and applied it a year ago. I believe they reported the issue but it was never resolved. This is an attempt to replicate their SecureAuthentication method in ago's modloader.

Edited by Sindusk

Share this post


Link to post
Share on other sites
3 hours ago, Sindusk said:

I have written a potential fix for it. I'm not 100% certain it will work, but at least it's a start.

Sindusk Server Tweaks

Graham and Jonneh from the original Wyvern server wrote this fix and applied it a year ago. I believe they reported the issue but it was never resolved. This is an attempt to replicate their SecureAuthentication method in ago's modloader.

 

While that is most appreciated Sindusk, I think it would be best for a password feature to be introduced, So even if someone for some reason some how got into the server with your character, They still would need to know the password set for that server character in order to do anything whatsoever. 

Share this post


Link to post
Share on other sites

What exactly is the case with the current "new exploit". As far as I cant see it was a physical system breach. Or I am missing something. 

The current system can use some tweaking (detecting ip changes, etc), but it's not a bad way to do it. Tying it to steam is not too bad. Besides we are still just using hashed steamid's in a sqlite db, over mostly non-SSL transports, so there could be bigger fish to fry if you're serious about it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this