Data-over-internet question.
by Nathan Huffman · in Torque Game Builder · 10/20/2006 (12:51 am) · 4 replies
Greets, gents. (and ladies?)
I'm getting all of my ducks in a row for my project, then I'm going to start in with the glue.
"My game" is going to be client/server based. I'm shooting the route where only I will have the 'server files', so I was curious what insight could be given to me in regards to...
*TGB's Lite Netcode. How "plain english" are the packets? I don't want people making their own 'server executable' because the packets are easily broken and emulated. (am I making sense?)
*Server security. Can you think, or tell me from experience, any things I want to be sure about my Windows/Linux server machine to make sure it doesn't get hacked/rooted and my 'server files' stolen?
*Any other modifications I should be sure to make to the client TGB executable.
Thanks.
#2
10/20/2006 (9:52 am)
Quote:
it uses vanilla HTTP/TCP
Actually, it uses application level guaranteed ordered NetEvents implemented over UDP (commandToServer, commandToClient)
I think what you may be referring to however is a utility object called TCPObject, which provides basic socket capability over TCP/IP, and has been used by some developers for external application communication.
#3
10/20/2006 (12:57 pm)
You're right Stephen, I assumed he was talking about a self-built server platform instead of Torque-to-Torque communication, but re-reading, it could be either.
I'm guessing though that the gist of the answers still apply? I didn't think the built-in client/server stuff has any data protection built in by default either.
#4
10/26/2006 (12:28 pm)
A few suggestions in terms of server security.
Disable ftp and telnet services. You can login and transfer files through SSH. I use winSSH to transfer files and use the shell.
Don't allow remote login as root. You can login as a normal user and then 'su' up to root. This forces attackers to get two passwords rather than just the root password. It's not much but it makes a difference.
Torque 3D Owner Luke D
There are countless security issues specific to each brand/version of OS you are using. Make sure to be fully up to date on any security patches/updates, disable any and all services that you aren't using, and try as much as possible to use standardized protocols and server applications which are already hardened against attack.
You probably want to look at the encryption resources for TGE/TGB found around this site. From the sound of it you'll probably want to not only encrypt the communication protocol on the fly, but also encrypt the assets you are transferring. Also the current network implementation is text only by default. Search for 'encryption' to find several relevant resources and threads.
Also if you're going to be transferring binary assets (images, compiled scripts, etc.) you'll want to look at a few of the binary file transfer modifications available to the engine, do a search for 'file transfer' to find some of the solutions.
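An added example, not part of the thread: a shell check for the two server-hardening points raised in reply #4 (no ftp/telnet listeners, no remote root login over SSH). The function names and sample inputs are made up for illustration, and only the global section of sshd_config is read; `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example. Checks read text on stdin so they run on constructed samples;
# on a real server feed them /etc/ssh/sshd_config and the output of `ss -tln`.

# Effective global PermitRootLogin. sshd keywords are case-insensitive and the
# first value found wins; "Match" blocks are conditional and not evaluated.
root_login_setting() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                    # drop indentation, re-split
        /^#/ { next }                             # skip comments
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }         # default depends on version
    '
}

# Listening TCP ports 21 (ftp) and 23 (telnet) in `ss -tln` output.
cleartext_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")                  # port follows the last colon
        if (part[n] == "21" || part[n] == "23") print part[n]
    }' | sort -nu | tr "\n" " " | sed "s/ $//"
}

# $1 = sshd_config text, $2 = `ss -tln` text. Returns 0 only if both pass.
audit_host() {
    rc=0
    setting=$(printf '%s\n' "$1" | root_login_setting)
    [ "$setting" = "no" ] || { echo "FAIL: PermitRootLogin is '$setting'"; rc=1; }
    ports=$(printf '%s\n' "$2" | cleartext_listeners)
    [ -z "$ports" ] || { echo "FAIL: cleartext ports listening: $ports"; rc=1; }
    return $rc
}

# Constructed samples, not taken from any real host.
BAD_CFG='#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no'
GOOD_CFG='PermitRootLogin no'
BAD_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      128    [::]:23            [::]:*'
GOOD_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

audit_host "$BAD_CFG" "$BAD_SS" || true
```

The first sample shows why a commented-out or later `PermitRootLogin no` is not enough: the earlier `yes` line is the one that takes effect.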