Client Validation Change #12

L1ghtman2k · 2021-12-31T17:20:01Z

After a discussion in general chat, we came up with an alternative way of authenticating a client to a game server.

Instead of generating a shared hash between the game server, and a client, the master server could either:

A) Send an encrypted payload to the client, which only the game server can decrypt.
B) Send a signed payload to the client, which can not be altered by the client.

In the case of A, the master server, and game server could have a unique AES key, agreed-upon authentication, while in the case of B they could have Pub/Priv key pair for message signing(doesn't have to be unique).

Some info that should be included in the payload:

Lifetime of the payload (prevent replay attacks)
Designated Server ID (Prevent malicious server owners from misusing client's token on other servers)
UserID of the connected user. (Prevents sharing of the signed/encrypted message, without nonrepudiation)

Added Benefits:

Master Server's IP address could be abstracted
There is one less connection that master server has to make

pg9182 · 2022-12-11T21:27:45Z

R2Northstar/Atlas#10

abarichello added the feature request Request for a new feature/enhancement label Feb 20, 2022

pg9182 closed this as not planned Won't fix, can't repro, duplicate, stale Dec 11, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Client Validation Change #12

Client Validation Change #12

L1ghtman2k commented Dec 31, 2021

pg9182 commented Dec 11, 2022

Client Validation Change #12

Client Validation Change #12

Comments

L1ghtman2k commented Dec 31, 2021

pg9182 commented Dec 11, 2022