Results 1 to 6 of 6
  1. #1
    Sock is offline Member
    Join Date
    Aug 2012
    Posts
    3
    Rep Power
    0

    Default User login in an online game?

    Hey!

    Im working on a pretty large project, an online multiplayer platformer:

    When you open the game you should be asked for username and password, and the game should check if the user+password matches in the database. Previously I used a simple .txt file for listing players: email;username;password;admin; (where the last value is a boolean, and the others strings)

    This is obviously not useable when I release the game to public.

    So, how can I do this in a safe(not leaking passwords/email) and effective way?
    I tried to read up on MySQL, but I couldnt manage to find a decent tutorial, and I have never used it before.

    One way I thought of was running a separate server that handles incoming login-requests. (having the database locally saved on the computer)
    I wish to avoid this if I can, because running it at all times will be expensive.

    Any help appreciated!

    User login in an online game?-tour_login.gif
    The login wold look similar to this

  2. #2
    kammce's Avatar
    kammce is offline Senior Member
    Join Date
    Dec 2010
    Location
    California
    Posts
    194
    Rep Power
    4

    Default Re: User login in an online game?

    I have a few questions.

    Have you designed a web server? Or a SSH server? Or a database before? IF you have answered no to all of these, you have a lot of learning to do before your game goes online. But you are off to a good start.

    Your plan would be to make a MySQL database on a Server that your "Server" program can access. When I say server program, I mean a Java program that lives on the server that can interact with the MySQL database. My suggestion would to make sure that the server program and a logged on user are the only things that can access the MySQL database . Make sure to lock down your server as well as your MySQL database (example, do not use the root MySQL account for the database), make sure your server, if it is only being used to get user's data, only accepts network traffic from a port your specify that only interacts with your server program that will make a query to your MySQL database and then drops any other type of network traffic.

    Also, is this a stand alone program or have you created a client as well as a server program? Do you have any means of encrypting the information that the user sends to that server program? What port will your server program be listening on (pick something random/obscure that is above 49151). Never use ports Ports 0-1023, for a private use.

    After that point, you should be at some good momentum. This all requires some good Google searching abilities. This will also take some time. This is less of a Java issue than a server and database issue. The only time java comes in is for the GUI for the client and the queries for the MySQL server. In this case, since you are advanced in java, the server will be the tougher part than the program.

    A seemingly good tutorial would be Using JDBC with MySQL, Getting Started - Developer.com if you are a Windows User. If you are a linux user, this might not help, but you should be able to find some tutorials on "how to install a MySQL database on [insert distributions here]." Also, you will need to learn how to use MySQL :: Using MySQL With Java for MySQL queries.

    Hope this helps!
    My API:
    Java Code:
    cat > a.out || cat > main.class

  3. #3
    Sock is offline Member
    Join Date
    Aug 2012
    Posts
    3
    Rep Power
    0

    Default Re: User login in an online game?

    Thanks for the reply.

    I have never done a webserver before.

    Note:
    I wont be running the game-servers, the players would start a game and invite others to join:
    However, you would have to be a registered user in the database to join a game.

    Heres an illustration:
    User login in an online game?-plan.png

    As you see every client goes through a login check before its allowed to connect. The login checker would run on my computer, or a paid host somewhere.
    I can manage everything here, except the communication between the database, and the database itself.

    Right now everything works fine, and for the time being the Login-checker allows any username.

    Now Im wondering if its possible to remove the Login-checker and handle the login requests directly from the client itself? (client connects to database)
    Or will this cause security problems?

    I might encrypt the login requests sent from the clients if I find that neccesary, that wont be a problem.

    Thanks again for helping!

  4. #4
    kammce's Avatar
    kammce is offline Senior Member
    Join Date
    Dec 2010
    Location
    California
    Posts
    194
    Rep Power
    4

    Default Re: User login in an online game?

    Hm, sounds good. As long as this whole thing works, you seem to be right on target.

    Now, from the drawing, I am not sure where the "login check-server" nod/program exists. Is it on the server side, client side, or somewhere in between?

    The only issue I can see, is someone exploiting your client program to gain superior privileges on your MySQL database. If information is not being sent, I could track down what data was being sent from my computer to your MySQL database, read it raw, and then get the credentials to log in to it remotely. My only suggestion after that would be to have some other node or program that stands in the way of the MySQL database that checks all of the information given. Think of it as a firewall. If they pass the fire wall, the firewall will make the query to MySQL and then send back a reply. In my mind, I would send back a reply that is encrypted and also different each time so that I could not try to force my client to believe that it got an accepted login. The client should be able to ntribrate this data. Also, the client should not be able to make MySQL queries to the database. I could see future exploits in your client-side program, if you were to do that.

    But for testing, you probably do not have to worry about the encryption, and the multiple replies that the firewall can give. Maybe just one reply like return "SUCCESS." and the client reads that and goes to the next stage.
    My API:
    Java Code:
    cat > a.out || cat > main.class

  5. #5
    Sock is offline Member
    Join Date
    Aug 2012
    Posts
    3
    Rep Power
    0

    Default Re: User login in an online game?

    Thank you for all the help. You have helped me alot!

    Im sure I can do this, following your tips, I just have to focus!

  6. #6
    kammce's Avatar
    kammce is offline Senior Member
    Join Date
    Dec 2010
    Location
    California
    Posts
    194
    Rep Power
    4

    Default Re: User login in an online game?



    I am very glad to have been able to help! I hope everything works out!

    !
    My API:
    Java Code:
    cat > a.out || cat > main.class

Similar Threads

  1. Problem when the same user login in different windows
    By murali23krishna in forum JavaServer Faces (JSF)
    Replies: 1
    Last Post: 04-07-2012, 06:19 AM
  2. How to check if a login server is online?
    By nickburris in forum New To Java
    Replies: 6
    Last Post: 08-10-2011, 01:00 PM
  3. Single user Login authentication
    By vinoopraj in forum Web Frameworks
    Replies: 0
    Last Post: 07-20-2010, 08:19 AM
  4. Query for User Login Information
    By nwboy74 in forum Advanced Java
    Replies: 3
    Last Post: 06-23-2010, 10:07 PM
  5. Login user name - for all platforms.
    By Eranga in forum Advanced Java
    Replies: 0
    Last Post: 03-17-2008, 05:45 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •