Https Protocol
by Robert Pierce · in Torque Game Engine · 02/17/2005 (1:29 pm) · 13 replies
Is there any support for the HTTPS protocol? I have been searching the resources and found nothing, and a forum search only turned up links that contained HTTPS.
Would HTTPObject happen to support this?
Sorry for being a newbie.
Would HTTPObject happen to support this?
Sorry for being a newbie.
#2
02/17/2005 (1:41 pm)
I was going to use the HTTPS protocol as it is supposed to be more secure than HTTP. Since data for my project is stored on a webserver, I wanted to allow somewhat secure transfers of data between the external server and the Torque app.
#3
HTTPS is pretty simple to code with...
Overall, what are you actually trying to achieve? There may well be better ways of doing whatever it is, and if your reasoning includes "I've heard that it's more secure...", then you're probably barking up the wrong tree.
I can help with HTTPS, but it's probably the wrong solution to the problem.
Gary (-;
02/17/2005 (2:16 pm)
Well, it all depends on what data you have, what you want to do with it...HTTPS is pretty simple to code with...
Overall, what are you actually trying to achieve? There may well be better ways of doing whatever it is, and if your reasoning includes "I've heard that it's more secure...", then you're probably barking up the wrong tree.
I can help with HTTPS, but it's probably the wrong solution to the problem.
Gary (-;
#4
Technically, this data could be intercepted easily, correct?
I wanted to use HTTPS as it should technically be safer, correct?
(Yes, I do know my profile says "Security Expert" but I am meaning Encryption/Decryption kinda security there)
02/17/2005 (2:22 pm)
I am using PHP scripts to access data in a MySQL database and all examples of this have been using HTTPObject. Technically, this data could be intercepted easily, correct?
I wanted to use HTTPS as it should technically be safer, correct?
(Yes, I do know my profile says "Security Expert" but I am meaning Encryption/Decryption kinda security there)
#5
- Brett
02/17/2005 (2:46 pm)
Well, since HTTPS isn't supported by the HTTPObject, directly, why no use your expertise to create something even more secure. Since the HTTPObject derives from the TCPObject, you could establish a more proprietary protocol (instead of using a known protocol) and secure it up that way.- Brett
#6
02/17/2005 (3:23 pm)
Ideally your MySQL server shouldn't be on the internet. Your server should be talking to a MySQL server on the same machine or one that is connected to another interface, not accessible by to the internet.
#7
Robert, before choosing https for your project, make a search with google about "rpc" and "security" or more precisely "xml-rpc" and "https". You will read a lot about https overhead and alternative solutions.
02/17/2005 (4:28 pm)
@Harold : If I understand the meaning of Robert, the MySQL server is accessed throught a PHP script of the server, so the purpose of https is not to protect things like login/pass to the MySQL database, but only to obfuscate the data that are transmitted.Robert, before choosing https for your project, make a search with google about "rpc" and "security" or more precisely "xml-rpc" and "https". You will read a lot about https overhead and alternative solutions.
#8
@Pat:
That is what I meant by all of that, and thank you for that information to look up.
@Harold:
The MySQL server doesn't accept any incoming connections except those from the loopback address.
Currently I have been using HTTP with HTTPObject with it and I wanted to step up the security abit (I am horribly cynical and paranoid).
@Brett:
I was looking for a fast, easy to use method first before I did something like that. I already lost a few years of progress on this game (Windows died on me, ended up reformatting my harddrive).
02/17/2005 (4:33 pm)
Sorry everyone, I was gone for awhile, otherwise I would have posted.@Pat:
That is what I meant by all of that, and thank you for that information to look up.
@Harold:
The MySQL server doesn't accept any incoming connections except those from the loopback address.
Currently I have been using HTTP with HTTPObject with it and I wanted to step up the security abit (I am horribly cynical and paranoid).
@Brett:
I was looking for a fast, easy to use method first before I did something like that. I already lost a few years of progress on this game (Windows died on me, ended up reformatting my harddrive).
#9
I feel that this question has gone not fully answered.
I am having the same concern about transporting login/password information between the client and the Torque server. What would be the best way to transport such information?
thanks
05/06/2006 (10:58 am)
HelloI feel that this question has gone not fully answered.
I am having the same concern about transporting login/password information between the client and the Torque server. What would be the best way to transport such information?
thanks
#10
"I am having the same concern about transporting login/password information between the client and the Torque server."
Well before transmitting the string data
try COMP (each char) with $254 (FE)
that was used by Quarterdeck QEMM ver 7
as a floppy registration method (took about 20 mins to break :) )
get a tad more creative
like COMP (each char) with $254 - (char position in string)
at least it changes a bit with each char
heres a good method people with more than 1 PC hate
make the name/password tied to an IP
only valid if it comes from the IP that created the account
makes me wonder why a client cant be made that logs you in properly
based on your IP address requiring no acct data at all after account is created
hard to break in if theres no blanks to fill in
ya I know dial up users get a new IP with each login (usually)
but really whose going to play a torque 3d game (or any other MMO)with a dialup connection?
might as well get out the ol' 386/25 with the ISA video card and make it AO'ell
05/06/2006 (11:04 pm)
Bisher Tarakji"I am having the same concern about transporting login/password information between the client and the Torque server."
Well before transmitting the string data
try COMP (each char) with $254 (FE)
that was used by Quarterdeck QEMM ver 7
as a floppy registration method (took about 20 mins to break :) )
get a tad more creative
like COMP (each char) with $254 - (char position in string)
at least it changes a bit with each char
heres a good method people with more than 1 PC hate
make the name/password tied to an IP
only valid if it comes from the IP that created the account
makes me wonder why a client cant be made that logs you in properly
based on your IP address requiring no acct data at all after account is created
hard to break in if theres no blanks to fill in
ya I know dial up users get a new IP with each login (usually)
but really whose going to play a torque 3d game (or any other MMO)with a dialup connection?
might as well get out the ol' 386/25 with the ISA video card and make it AO'ell
#11
As a work around, try using stunnels, but setting that up on client/server side would be more of a headache and more or less a lesson in tunneling through a channel.
Having a secure connection to the server, when required should be something implemented in the engine. This would make an excellent 'kit' for Torque as there is quite the demand for it considering how much rampant online games and cheating have become for consumers.
- Dennis
05/08/2006 (10:30 am)
Https would be a welcome addition to Torque. IT would be nice. There is a resource I found someplace that tried to compile openssl into the torque exe. Try searching the resources for that. I do not know the status of the package.As a work around, try using stunnels, but setting that up on client/server side would be more of a headache and more or less a lesson in tunneling through a channel.
Having a secure connection to the server, when required should be something implemented in the engine. This would make an excellent 'kit' for Torque as there is quite the demand for it considering how much rampant online games and cheating have become for consumers.
- Dennis
#12
11/24/2007 (12:35 am)
Some news or resources of implementations of HTTPS in TGE?, how i will can start my own implementation? (libraries, source code, etc...)
#13
11/27/2007 (3:19 pm)
Downloading and integrating libcurl (compiled with SSL support) is the easiest way to get https, IMHO.
Associate Adrian Wright
Max Gaming Technologies