#1
09-21-2005, 07:27 PM
prozac424242
alternative to ip validation on RC

Many people who use RC to connect are on dial up, and numerous ip additions are needed. This is sometimes a real inconvenience, and I have been on both the end of the one to update the ip list for someone, and have been the one to be not able to log in to rc, and needed to wait for hours for another admin to log in and update my ip list.

Not only is this a problem with dial up, but I have a comcast high speed cable modem, and it seems that they too have recently gone to DHCP, and in the past three days I have had at least five differences in my ip in the second set of numbers. For example, 64.181.*.* where the 181 is, that number almost always changes at least once, if not two or three times a day, and my cable modem is always on!

How about using the MAC address of the network card to identify a specific computer to log in? That hardware integrated number does not change unless you get a different computer. Or some kind of consistent number, without needing to shell out big bucks to comcast for a business account, which is the only way to get a static ip from them now.

#2
09-21-2005, 08:00 PM
napo_p2p
Stefan said something about being able to ban by "computer ID".

There should also be a way to limit the RC access to Computer ID as well.

#3
09-21-2005, 08:49 PM
Sildae
Quote:
Originally Posted by prozac424242
How about using the MAC address of the network card to identify a specific computer to log in?
That is a bad idea because MAC addresses are rather easy to spoof.

Quote:
That hardware integrated number does not change unless you get a different computer.
Yes, it does. Also, what about people who connect to the internet without a network card? The IP address is really about the only thing that cannot be manipulated by the client.


Just log the set of IP addresses you receive and make out a pattern. "All the numbers change" is not a pattern.

If there is none that Graal would be content with, settle for the most common one, and if that fails you, gain new IP addresses until you get one that matches.


And what the hell is a computer ID and why would you ban people's computers?
Reply With Quote
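
The "log the addresses and make out a pattern" step from post #3, as an added example that is not part of the thread or of Graal's code. The sample addresses are constructed around the 64.181.*.* case in the first post; the function names are hypothetical. It also prints how many hosts the resulting allowlist range admits, which is the trade-off later posts raise for large ISP ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample log: source addresses seen for one staff account over a
# few days, shaped like the 64.181.*.* case in the first post.
OBSERVED = [
    "64.181.12.7", "64.183.40.19", "64.180.201.5",
    "64.181.77.230", "64.182.3.88",
]

def covering_network(addrs):
    """Smallest single CIDR block containing every observed address."""
    ips = [int(ipaddress.IPv4Address(a)) for a in addrs]
    lo, hi = min(ips), max(ips)
    # Every bit from the highest differing bit downwards must be a host bit.
    host_bits = (lo ^ hi).bit_length()
    base = (lo >> host_bits) << host_bits
    return ipaddress.IPv4Network((base, 32 - host_bits))

def dominant_prefix(addrs, prefix_len=16):
    """Most frequent /prefix_len block and the share of logins it covers."""
    blocks = Counter(
        ipaddress.ip_network(f"{a}/{prefix_len}", strict=False) for a in addrs
    )
    block, hits = blocks.most_common(1)[0]
    return block, hits / len(addrs)

def is_allowed(addr, allowed):
    """Allowlist check a server would run at RC login."""
    return ipaddress.ip_address(addr) in allowed

if __name__ == "__main__":
    net = covering_network(OBSERVED)
    block, share = dominant_prefix(OBSERVED)
    print(f"covering range : {net} ({net.num_addresses} addresses admitted)")
    print(f"most common /16: {block} ({share:.0%} of logins)")
    print("outside range  :", is_allowed("64.184.0.1", net))
```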

#4
09-21-2005, 09:11 PM
Ajira
Quote:
Originally Posted by Sildae
And what the hell is a computer ID and why would you ban people's computers?
...
The new Graal banning system uses some computer ID to ban the player therefore no account can log in. =O

#5
09-21-2005, 10:00 PM
Ibonic
Quote:
Originally Posted by napo_p2p
There should also be a way to limit the RC access to Computer ID as well.
Yes - I've suggested this to Stefan a bunch of times, the last being just a few days ago. Glad someone agrees.

#6
09-21-2005, 10:01 PM
Lance
Quote:
Originally Posted by Ibonic
Yes - I've suggested this to Stefan a bunch of times, the last being just a few days ago. Glad someone agrees.
Bad idea. It can be spoofed.

#7
09-21-2005, 10:04 PM
Ibonic
Quote:
Originally Posted by Lance
Bad idea. It can be spoofed.
True, but it's still better to have something extra for large IP ranges such as AOL. Obviously just computer ID based protection would be bad, I'll agree with that.

#8
09-21-2005, 11:17 PM
Inspiration
Perhaps a password system would achieve this, set up in this manner.

A 56k user, or any user, logs onto RC as normal using their account name and password.

When they connect to the server via RC, no functions, nor RC chat will be available to them, and they will not appear on the playerlist.

The NPC server will then PM them asking for their RC password. This password will be able to be set and saved by a manager or admin. The player then PMs the server the password to authenticate, and if correct, RC works as normal.

While not as secure as an IP, it is for sure an extra level of protection.
Reply With Quote
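
The second-step flow proposed in post #8, modelled as an added example that is not part of the thread and not Graal's actual API. `RCSession`, its methods, the three-attempt limit and the PBKDF2 parameters are assumptions made for illustration; the RC password is stored as a salted hash and compared in constant time.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3        # assumption: drop the session after three wrong answers
ITERATIONS = 100_000    # assumption: PBKDF2 work factor

def hash_password(password, salt=None):
    """Return (salt, digest) so the server never stores the RC password itself."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

class RCSession:
    """Hypothetical model of one RC connection after normal account login."""

    def __init__(self, account, stored):
        self.account = account
        self._salt, self._digest = stored   # set and saved by a manager or admin
        self.authenticated = False
        self.failures = 0
        self.closed = False

    def on_pm(self, text):
        """Handle the PM sent in reply to the server's password prompt."""
        if self.closed:
            return "disconnected"
        _, candidate = hash_password(text, self._salt)
        if hmac.compare_digest(candidate, self._digest):
            self.authenticated = True
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.closed = True
            return "disconnected"
        return "retry"

    def run_command(self, command):
        """No RC function works until the second step has succeeded."""
        if self.closed or not self.authenticated:
            return "denied"
        return f"executed {command}"

    def visible_on_playerlist(self):
        return self.authenticated and not self.closed
```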

#9
09-22-2005, 12:30 AM
Ajira
Quote:
Originally Posted by Inspiration
Perhaps a password system would achieve this, set up in this manner.

A 56k user, or any user, logs onto RC as normal using their account name and password.

When they connect to the server via RC, no functions, nor RC chat will be available to them, and they will not appear on the playerlist.

The NPC server will then PM them asking for their RC password. This password will be able to be set and saved by a manager or admin. The player then PMs the server the password to authenticate, and if correct, RC works as normal.

While not as secure as an IP, it is for sure an extra level of protection.
I was going to suggest something like this. It would make things much easier for me than having to give the manager my 54364346 ips.

#10
09-22-2005, 03:18 AM
Velox Cruentus
About the MAC Addresses:

It may be easy to spoof the MAC Address, but it would be hard to know what to spoof it to.
If the person managed to get their password and username, it doesn't matter whether the person is a hacker or not; they just need to ask to add their IP, and they pass in flawlessly; the staff get too used to adding IPs for that person, and the security measure is wrecked by doing so.

#11
09-22-2005, 03:10 PM
Sildae
Quote:
Originally Posted by Velox Cruentus
It may be easy to spoof the MAC Address, but it would be hard to know what to spoof it to.
Like passwords. Except that if you want to work on a server, the staff there get your MAC address.
Quote:
They just need to ask to add their IP, and they pass in flawlessly; The staff get too used to adding IPs for that person, and the security measure is wrecked by doing so.
Asking to add MAC addresses will not be much different in this regard.

#12
09-22-2005, 04:57 PM
raiden0899
Quote:
Originally Posted by Sildae
Asking to add MAC addresses will not be much different in this regard.
But MAC addresses never change so you will only need to have one or two set. When the person is hired, they can tell the admin how many MAC addresses they'll need (depending on how many different computers they use) and if anyone steals their account and password, they'll need to add one more MAC address than the player said he would need (causing the admin to become suspicious).

If you ask me, using MAC addresses is more secure than IP. A combination of the two might be better.

#13
09-22-2005, 05:31 PM
Velox Cruentus
Quote:
Originally Posted by Sildae
Like passwords. Except that if you want to work on a server, the staff there get your MAC address.
Eh? If you're staff on the server, why would you want to hack in another staff's account? I mean, you'd see it through "Change Rights" or "View Other Players" Either of these should be set only if you trust the person in the first place.

Quote:
Asking to add MAC addresses will not be much different in this regard.
Umm... MAC Addresses are directly linked to your HARDWARE ID (CONSTANT VARIABLE). Of course, changing hardware would cause a change in MAC Address, but it would be a lot more suspectible if you changed. In that case, the person would direct to a higher staff -- Someone (supposedly) more responsible/knowledgeable on the subject. Dial-up users would be getting a slack, increasing security. Static IPs can still be used for IP Checking. It's just one more set of protection. (both validating the IP and Hardware.)

#14
09-23-2005, 03:29 AM
Clash
Graalians just need to stop being *****s as far as security goes. Most of the problems with account theft is the owners themselves giving out the passwords or allowing players to send them viruses - in which case if a hacker gains access to someone's passwords outside of an email account, they don't need an IP to log on. They just need to log on using the staff member's computer.

Graal's security system is far from flawless, but if a security breach occurs it's usually the fault of an ignorant staff member - not the system itself.

#15
09-23-2005, 04:51 AM
ForgottenLegacy
Quote:
Originally Posted by Clash
Graalians just need to stop being *****s as far as security goes. Most of the problems with account theft is the owners themselves giving out the passwords or allowing players to send them viruses - in which case if a hacker gains access to someone's passwords outside of an email account, they don't need an IP to log on. They just need to log on using the staff member's computer.

Graal's security system is far from flawless, but if a security breach occurs it's usually the fault of an ignorant staff member - not the system itself.
Last time I checked, this was about dynamic ip ranges and not people being idiots and giving people your account and password. And also, if a player sends a virus because of an action on Graal, then (s)he (and correct me if I'm wrong, please) can be banned on Graal.