flash - General Password Security && Implementation in Actionscript 3 -

-

For this summer, my project is to create a multiplayer online Flash game. I can use some advice because I have never implemented a secure login system before, only doing this in action script.

My setup is currently one. SWF is sending / receiving game data from / to a Java server that communicates with the account information about a MySQL database.

1) How should I proceed to normal? I was thinking that maybe I have Encrypt SWF password, send it, (does my server encrypt it again?), Then keep it in database.

2) I am sure that I can find many guides for encryption in Java Any action script library, or even a general encryption algorithm, can recommend (therefore Can I find a similar one like myself) which would be acceptable for this task?

In addition, my game is communicating through an XMLSocket, I do not think it should be the cause of any security issues, but please tell me if I'm wrong.

Generally a way to send passwords is that they are not really sent at all because it It is considered to be extremely unsafe, instead, as you mentioned that you have to send a different type of different kind of password, like a hashed password, still thinks that it has drawn something - that is, the rainbow tables etc.

So the best way is to do a hash with password (number is used only once) i.e. a random string and timestamp and send it instead. I will then send a hash string, non, and timestamp to an XML format on your DB server, which can re-generate the password by using the password you have kept for the user.

How to do this W3C Usernation Talking Speck - 

  & lt; UsernameTlock XMLNs: wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd" & gt; & Lt; Username & gt; John & lt; / Wsse: Username & gt; & Lt; Password Type = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest" & gt; 9JSGeXj + zpvEp42I20K / 1bg8rCE = & lt; / Password & gt; & Lt; Nonce & gt; TaF3g5F37wSHtSdY & lt; / Nonce & gt; & Lt; Created & gt; 2009-07-25T10: 29: 34Z & lt; /: Created & gt; & Lt; / UsernameToken & gt;

However, it can introduce unwanted complexity.

So you can just havehish password and send it to the server, which will then have your own version of password and if it matches your distance, at the end of the day, you should ask yourself That's how real the actual .swf file is, because you can decompress them and just jump on the original login. However, for the most part this will be enough.

For the hash ding I usually use 3crypto (code.google.com/p/as3crypto/) - but I know that there is an MD5 and Shaw in the housing use package - 1 implementation.

For the XML Socket, as long as you have a cross-site-policy file in the Action Script App, which allows to talk to that domain and there's one on the domain that talks to Flash Otherwise, you may get security errors.

Hope it helps.

John


Comments

Post a Comment

Popular posts from this blog

c# - ListView onScroll event -

-
I am programming a simple C # application, and I need a Scallow event on the list view. So I inherited the original ListView class created in ListviewEx witch. I found out how to locate the scroll message from WinAPI and I modified the WndProc method. Now I have this WndProc: protected override zero WndProc (Ref message message) {base.WndProc (Ref I); If (m.msg == WM_VSCROLL) {onScroll (This, New EventArgs ()); }} But the problem is, I do not know how to know about scrolling information. This data should be in wParam, but there is a LOWORD macro ++ like in C in C # and I switch to find the criteria like SB_ below, SB_ENDSCROLL, SB_PAGEUP etc. there any way Need to change the LOWORD macro from C #? Or any other way to find the necessary parameters about scrolling? You can define the WParam constants as the following: Private const int WM_HSCROLL = 0x114; Private Constant WM_VSCROLL = 0x115; Private contact int SBHOZZ = 0; Private Consultant SB_VERT = 1; Private Con...
Read more

PHP - get image from byte array -

-
I am trying to create a back-end for my mobile application. I am sending the content of an image in the body of the HTTP request (output stream) as a byte array, I want to read this stream of bytes in PHP scripts and take back an image. Can anyone tell me how can I do this? Thank you. You can obtain the request body $ body = Reading from file_get_contents ('php: // input'); What you do with that data Depending on you, you can write the data in a file as you mentioned that this is image data, you can drop the data into the object can do. Another option is to use and load the image.
Read more

Linux Terminal Problem with Non-Canonical Terminal I/O app -

-
I have a small app written in C to run on Linux. Part of the app accepts user-input from keyboard , And it uses non-canonical terminal mode so that it can respond to each keystroke. The section of the code that accepts input is a simple task that is called repeatedly in the loop: char get_input () {char C = 0; Int res = reading (input_tamille, & amp; c, 1); If (RSS == 0) 0 returns; If (res == -1) {/ * snip error handling * /} return c; } It reads a letter from the terminal if there is no input within a given time limit, (c_cc [VTIME] value in the vocabulary structure), read () 0 And get_input () is called again It all works very well, I have recently discovered that if you run this app in a terminal window, and then the app Close the terminal window without ending, the app will not exit Received, but CPU intensive launches into an infinite loop, where the read () returns 0 without waiting continued. So how can I get out of the apple if it runs from the terminal win...
Read more