0 Replies Latest reply on Apr 1, 2007 3:40 PM by Pixel_Pusher

    secure login to prevent banned members

    Pixel_Pusher
      We want to protect login for a director project.

      Currently it does a username and password.

      The problem is if some gets banned they can typically store the last string via a sniffer and re enters the game, thus causing issues.

      SSL is out of the question due to MUS and shockwave stuff not working well under that. This is only to protect the login part.

      We had a few experiments like encrypting a time stamp and comparing it with the one they logged in. It works, but the problem is if the sniffer captures that it will not matter. The time stamp will match.

      I was thinking about using Director Time to match it but Director uses
      the users computer not the server. So there are issues there.

      So it seems like what every method we think of it is difficult to protect the login because even if it is encrypted they just have to get in the first time and repeat the same string.

      Any suggestions? I am sure this has come up a few times.

      Thanks