Some thoughts...
Chris said
a long time ago | Post #2
Our username get works for external plays using our embed system, and is guaranteed to be an authenticated username, as in no faking, cheating etc.
XIX said
a long time ago | Post #3
Actually you cannot guarantee that it is not faked, the attacker has the client and can tell the game anything. It's only secure when sending to your server, if at all, and even then the game client can never know what the real name of the player is.
Whatever you are doing is not secure.
The issue I have with this is you have to wait for a response, and write timeout test code for when it never returns. In order to actually test all of this I need to write my own local copy/version of your server code. It just overcomplicates things; what should be one line of code that can never go wrong is now network message management that can go wrong in many horrible ways.
Keep it simple, pass the name in on site, people can still use the api call to pick up that name if they wish, nothing breaks.
Can I work with what you have?
sure,
I'm just not going to right now and that's exactly why, take that feedback and use it. Or not. It's your call..
Chris said
a long time ago | Post #7 | in reply to #3
The system uses the same auth mechanism as the site itself, unless you have a valid session on our site no data will be attached to your user, as of now the api will return whatever username you parse to the flash file, but that will change very soon.
Additionally I do not believe a simple http request to be something that can go wrong in many horrible ways. If that was the case the internet would be unbearable with broken images and non-working websites at random.
In the end it's TCP/IP which is pretty damn solid.
XIX said
a long time ago | Post #1
Just pass the player's name in on root, I'm not really interested in waiting an unknown amount of time for a call back to complete for this information.
Don't use mx.delegate, I don't have it under mtasc so I'm going to have to edit your code. Just roll a small one of your own, the code's not that complicated, just do something like this...
http://svn.zope.de/zope.org/z3c.reference/trunk/flash/src/net/hiddenresource/util/Delegate.as
Please just pass in the user name somewhere on root, even newgrounds does this nowadays :)
Cheers,
Kriss
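
An added example, not code from this thread or from the site being discussed, illustrating the distinction argued over in posts #3 and #7: a username sent by the game client is only a claim, while the server can bind a score to the session it authenticated itself. The signed-cookie format, the secret and all function names are assumptions made for the sketch.

```python
import hashlib
import hmac
from typing import Optional

# Assumption: a server-side secret and a "username.signature" session cookie.
# The real site's session format is not described in the thread.
SERVER_SECRET = b"constructed-demo-secret"


def _sign(username: str) -> str:
    return hmac.new(SERVER_SECRET, username.encode(), hashlib.sha256).hexdigest()


def issue_session(username: str) -> str:
    """Issued by the site at login; the game client only relays it."""
    return f"{username}.{_sign(username)}"


def username_from_session(cookie: Optional[str]) -> Optional[str]:
    """Return the authenticated username, or None if the cookie is missing or forged."""
    if not cookie or "." not in cookie:
        return None
    username, sig = cookie.rsplit(".", 1)
    ok = hmac.compare_digest(sig.encode(), _sign(username).encode())
    return username if ok else None


def record_score(params: dict, cookie: Optional[str]) -> dict:
    """Handle a score post from the embedded game.

    params["username"] is whatever the client chose to send (for example the
    name handed to the flash file). It is treated as a display hint only and
    is never the identity the score is stored under.
    """
    trusted = username_from_session(cookie)
    if trusted is None:
        return {"stored_as": None, "status": "rejected: no valid session"}
    claimed = params.get("username")
    status = "ok" if claimed in (None, trusted) else "ok: claimed name ignored"
    return {"stored_as": trusted, "score": int(params["score"]), "status": status}
```

The client can still read a name passed in on root for display, as post #1 asks; only the server-side attribution depends on the session.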