Sign in to follow this  
akaedis

Player Authenticator

Recommended Posts

Well after hearing of a 2nd WU Player authentication breach, i think it's time someone made a Player Authenticator that makes it so when you join the server that has this mod on it, you can set a password for the character and if its typed incorrectly, it kicks you. If typed correctly, it let's you see your inventory, move, interact, talk on the server, etc. 

 

Perhaps use the method of not rendering the world/interacting with first joining a server/character creation? i dunno, just spitting idea's here

Share this post


Link to post
Share on other sites

I have written a potential fix for it. I'm not 100% certain it will work, but at least it's a start.

Sindusk Server Tweaks

Graham and Jonneh from the original Wyvern server wrote this fix and applied it a year ago. I believe they reported the issue but it was never resolved. This is an attempt to replicate their SecureAuthentication method in ago's modloader.

Edited by Sindusk

Share this post


Link to post
Share on other sites
3 hours ago, Sindusk said:

I have written a potential fix for it. I'm not 100% certain it will work, but at least it's a start.

Sindusk Server Tweaks

Graham and Jonneh from the original Wyvern server wrote this fix and applied it a year ago. I believe they reported the issue but it was never resolved. This is an attempt to replicate their SecureAuthentication method in ago's modloader.

 

While that is most appreciated Sindusk, I think it would be best for a password feature to be introduced, So even if someone for some reason some how got into the server with your character, They still would need to know the password set for that server character in order to do anything whatsoever. 

Share this post


Link to post
Share on other sites

What exactly is the case with the current "new exploit". As far as I cant see it was a physical system breach. Or I am missing something. 

The current system can use some tweaking (detecting ip changes, etc), but it's not a bad way to do it. Tying it to steam is not too bad. Besides we are still just using hashed steamid's in a sqlite db, over mostly non-SSL transports, so there could be bigger fish to fry if you're serious about it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this