Server Help
Community forums for Subgame, ASSS, and bots

Bringing zones together

CypherJF
I gargle nitroglycerin
Gender: Male
Joined: Aug 14 2003
Posts: 2582
Location: USA

Posted: Fri Jun 15, 2007 6:24 pm

*takes a pin and pops bd's balloon, laughs, and walks away* :twisted: har...
_________________
Performance is often the art of cheating carefully. - James Gosling

BDwinsAlt
Agurus's Posse
Age: 33
Gender: Male
Joined: Jun 16 2003
Posts: 1145
Location: Alabama

Posted: Fri Jun 15, 2007 8:43 pm

-prizes himself prox (huge radius) and fires a huge bomb towards cypher (he used up all his repels and I have anti on. All he can do is esc q)

Muhahaha. :twisted:

J/k <3

If they want mysql they will go to you. If they don't do mysql, they will (hopefully) come to me. All is fair.

BDwinsAlt
Posted: Fri Jun 15, 2007 9:25 pm

Smong wrote:
How about making it save banners. Make sure there are ?changepassword and ?adduser op commands (and an option to not allow new users, so only ?adduser can be used).


Everything added. Any more suggestions?

CypherJF
Posted: Fri Jun 15, 2007 9:27 pm

BDwinsAlt wrote:
-prizes himself prox (huge radius) and fires a huge bomb towards cypher (he used up all his repels and I have anti on. All he can do is esc q)

Muhahaha. :twisted:

J/k <3

If they want mysql they will go to you. If they don't do mysql, they will (hopefully) come to me. All is fair.


Or if they want subgame to connect to it. :P

BDwinsAlt
Posted: Fri Jun 15, 2007 9:39 pm

Don't make me add subgame support. Reiz mich nicht. (Don't tempt me) :D

Smong
Server Help Squatter
Joined: 1043048991
Posts: 0x91E

Posted: Sat Jun 16, 2007 7:07 pm

How are you saving stuff to disk? Custom DB (like pocob)?
_________________
ss news

BDwinsAlt
Posted: Sat Jun 16, 2007 8:07 pm

Just a custom way of saving everything to text files. I split different parts with a colon.
Login uses... Name:MD5Password:Squad:Email (?setemail)
An example: BDwinsAlt:a1b2c3d4e5f6g7h8:UBill:bdwinsalt@gmail.com

There are obviously different files for different things (like ?ban).

I was going to use mysql but cypher was using it, I didn't want to think about people using jdbc + mysql (some don't have a clue), and it was just easy for people who don't want to run any other special software.

It may be slower and a bit more work to code, but it works fine. I timed a login, 2 ms. That's after it reads the bans, banfree, operators, and decides whether or not they are banned, then allows them to log in. I thought that was awesome. I understand that it will differ from machine to machine because of different processor speeds. If it has 2ms on mine, it shouldn't be too much slower on any other pc.

Cypher and his MySQL. :D

Mine GO BOOM
Hunch Hunch
What What
Age: 40
Gender: Male
Joined: Aug 01 2002
Posts: 3614
Location: Las Vegas

Posted: Sat Jun 16, 2007 9:04 pm

BDwinsAlt wrote:
Login uses... Name:MD5Password:Squad:Email (?setemail)

I hope you plan on extending this to include a salt for the password hash. Otherwise, anyone who steals this file can just use a rainbow table and find users' passwords.

Quick how-to-salt: generate a random string of 4 characters or more, append it to the end of the user's password, then do the hash. When saving, save the salt and the hash output next to each other.
Code:
Password: bob
Salt: md83e
Hash("bobmd83e"): 8d4b2a76f3d0e82aecab9cf0cc46bd10
John:8d4b2a76f3d0e82aecab9cf0cc46bd10:md83e:Winners:spam@aol.com

CypherJF
Posted: Sat Jun 16, 2007 10:02 pm

If the person has the salt, and knows what role the salt plays into the password hash, how much more effort is created on their end?

Mine GO BOOM
Posted: Sat Jun 16, 2007 10:45 pm

You'd have to regenerate a whole new rainbow table just for it. The reason for the salt is so every password hash is unique. If player A and player B both used the same password, no one would know. And if player C used a commonly hashed password such as 'password', the cracker wouldn't be able to notice that instantly.

BDwinsAlt
Posted: Sun Jun 17, 2007 12:18 am

Oh I see. I'll definitely add that. Why would anyone want to steal passwords from a game? I know people do it, but I think it's retarded. Ahh well it's easy enough to add a few characters to the end. Thanks for the suggestion.

Edit: Added to auth, password commands, and adduser. I made a random 5 character string containing letters and numbers to be added to the end of the password. That should be a lot more secure. Any more suggestions?

Doc Flabby
Server Help Squatter
Joined: Feb 26 2006
Posts: 636

Posted: Sun Jun 17, 2007 6:32 am

Don't use md5 for passwords, it's not designed for it, and it can be cracked in a few hours using a bot-net/distributed computer. Use sha-512 instead.

I haven't given up on skybill, btw just trying to figure a way to develop the database bit more elegantly :P
_________________
Rediscover online gaming. Get Subspace | STF The future...prehaps
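
An added example (not code from this thread or from any poster's biller) of the salted record discussed in the posts above, in Java like the biller: every user gets a random salt that is stored beside the hash in the colon-separated layout. It goes a step beyond the thread by using the JDK's PBKDF2-HMAC-SHA512 instead of a single MD5 or SHA-512 pass, so each guess costs many hash computations; the class name, iteration count and sample users are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example: class name, iteration count and sample data are assumptions.
public class SaltedRecordDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int ITERATIONS = 210_000; // assumed work factor, tune per machine
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 512;

    // PBKDF2-HMAC-SHA512 over the password with this user's salt.
    static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static byte[] unhex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Builds "Name:Hash:Salt:Squad:Email" with a fresh random salt for this user.
    static String newRecord(String name, char[] password, String squad, String email)
            throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return String.join(":", name, hex(derive(password, salt)), hex(salt), squad, email);
    }

    // Recomputes the hash with the stored salt and compares in constant time.
    static boolean verify(String record, char[] attempt) throws GeneralSecurityException {
        String[] f = record.split(":", -1);
        if (f.length != 5) return false;              // malformed line: fail closed
        try {
            byte[] stored = unhex(f[1]);
            byte[] actual = derive(attempt, unhex(f[2]));
            return MessageDigest.isEqual(stored, actual);
        } catch (IllegalArgumentException e) {        // non-hex field or empty salt
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample users who picked the same password.
        String a = newRecord("PlayerA", "password".toCharArray(), "Winners", "a@example.com");
        String b = newRecord("PlayerB", "password".toCharArray(), "Winners", "b@example.com");
        System.out.println(a);
        System.out.println(b);
        System.out.println("same hash field: " + a.split(":")[1].equals(b.split(":")[1]));
        System.out.println("correct password: " + verify(a, "password".toCharArray()));
        System.out.println("wrong password:   " + verify(a, "passw0rd".toCharArray()));
    }
}
```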

Smong
Posted: Sun Jun 17, 2007 6:58 am

Now going back to the DB, are you opening the files every time you want to find something, or are you loading everything into memory when the program starts? I think pocob loads everything into mem, being java there's probably an overhead for that.

CypherJF
Posted: Sun Jun 17, 2007 9:02 am

I'd recommend using SQLite, it's a nice storage application. There's talk that Mozilla Firefox 3 will be using it for offline storage.

Mine GO BOOM
Posted: Sun Jun 17, 2007 10:28 am

How are you two dealing with longer usernames? Subgame supports accepting a 32 character username from the login packet, but then only deals with 20 characters later on. I don't remember how Grelminar deals with the security hole in ASSS, but I believe the billing server needs to deal with it for subgame to be secure.

BDwinsAlt
Posted: Sun Jun 17, 2007 3:33 pm

Right now my biller only supports ASSS. (Once I get everything done for that one, I'll add subgame support).

Right now I don't have a max length on user names. I could add one. Having an extremely long name is ridiculous anyway. I could easily make a max length and deny entry if it's over that length the way I have it set up.

As for the login thing, it opens the file each time. I guess I could load it into memory and update it each time a password is changed or a squad is changed.
I think it's easier just to load it each time. It only takes a few ms to load everything for a player to enter the game. I'll play around and see what's best.

By adding the salt, wouldn't that make the salted md5 passwords almost uncrackable unless they found out what the salt was?

Say a password is server, if I make it server9iw2v, and I MD5 that, who is going to have that on their list of possible passwords? Should I add bytes to the password as well? :P

Making a = ? or something crazy like that. I think everything is pretty secure after salting and md5. I know I wouldn't be able to crack it if I tried. You can only get an md5 password by encoding and seeing if it matches. Someone would have to think of that password before anyone could even try to crack it.

I doubt anyone would think of the password I used as an example (server9iw2v) [That isn't what I used, but it's the same concept.]

CypherJF
Posted: Sun Jun 17, 2007 4:06 pm

I ensure no username is greater than 24 characters since this is the smallest limitation either in the client<->server, or server <-> biller UDP protocol. There is/was some debate whether or not the 24 characters includes a \0.

Smong
Posted: Sun Jun 17, 2007 4:57 pm

ASSS trims it to 19 characters when you log in, but it can be changed afterwards (for example ^ prefix) up to 23 characters long.

@BDwinsAlt
Doc Flabby wrote:
don't use md5 for passwords ... it can be cracked in a few hours using a bot-net/distributed computer.

CypherJF
Posted: Sun Jun 17, 2007 5:24 pm

Updated my src to max out the user name at 23 characters.
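
An added example (not code from any poster's biller) of the length handling discussed in the posts above, in Java like the biller: the name is read from the 32-byte login field and refused outright when it exceeds the 23-character cap, rather than being trimmed. It also refuses the colon that separates fields in the flat-file format described earlier in the thread; the class and method names, the Latin-1 decoding and the printable-ASCII rule are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example: names, Latin-1 decoding, the printable-ASCII rule and all
// sample inputs are assumptions, not taken from any biller in this thread.
public class NameCheckDemo {
    static final int FIELD_BYTES = 32; // name field size in the login packet (per the thread)
    static final int MAX_NAME = 23;    // 23 characters + NUL fits a 24-byte limit either way

    // Returns the accepted name, or null when the login must be refused.
    static String acceptName(byte[] field) {
        if (field == null || field.length != FIELD_BYTES) return null;
        int len = 0;
        while (len < field.length && field[len] != 0) len++;   // name ends at first NUL
        // Refuse over-long names instead of trimming them: the name that is
        // authenticated must be exactly the name every later stage uses.
        if (len == 0 || len > MAX_NAME) return null;
        String name = new String(field, 0, len, StandardCharsets.ISO_8859_1);
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            // ':' separates fields in the flat file and a line break would end
            // the record early, so neither may reach the name column.
            if (c == ':' || c < 0x20 || c > 0x7e) return null;
        }
        if (name.charAt(0) == ' ' || name.charAt(len - 1) == ' ') return null;
        return name;
    }

    // Builds a constructed 32-byte, NUL-padded field for the demo.
    static byte[] field(String s) {
        byte[] raw = s.getBytes(StandardCharsets.ISO_8859_1);
        return Arrays.copyOf(raw, FIELD_BYTES);   // pads with zeros, cuts at 32 bytes
    }

    public static void main(String[] args) {
        String[] samples = {
            "BDwinsAlt",                          // ordinary name
            "ABCDEFGHIJKLMNOPQRSTUVW",            // exactly 23 characters
            "ABCDEFGHIJKLMNOPQRSTUVWX",           // 24 characters
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345",   // fills all 32 bytes, no NUL
            "Bob:Winners",                        // contains the field separator
            "Bob\n",                              // contains a line break
        };
        for (String s : samples) {
            String result = acceptName(field(s));
            System.out.println(s.replace("\n", "\\n") + " -> "
                    + (result == null ? "REFUSED" : "ok (" + result + ")"));
        }
    }
}
```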

BDwinsAlt
Posted: Sun Jun 17, 2007 6:44 pm

Ok I'm going to salt + md5, and then put it into sha-512. Is that secure enough?
I hope so.

Edit: That's what I did. Should be a lot more secure now. Doubt anyone will crack it.

Mine GO BOOM
Posted: Sun Jun 17, 2007 8:24 pm

BDwinsAlt wrote:
Ok I'm going to salt + md5, and then put it into sha-512. Is that secure enough?

You should never hash a hash. That just makes it worse. Pick one, and only use one.

BDwinsAlt
Posted: Wed Jun 20, 2007 5:18 pm

Ok I took out one of the hashes. I also added a module that will be open source so players can add whatever they want. I made it handle all commands and events before it goes to that module because I don't want players to be able to steal passwords when ?password is sent. So you can only add commands that don't already exist.

You can get the following things from UBillConnect to UBillCmd:
Pid, cmd, arg, bang, out
PID = Player ID who sent the command.
CMD = the actual command sent.
ARG = The argument for the command.
BANG = The player's bang level
OUT = The thing used to send messages back to the server.

I'll post an example once I get on my other pc.

Code:

/*
Author: BDwinsAlt
Edited: June 20, 2007 [4:33 AM]

Credits:
         Smong        - Showing me factory classes allowing me to send messages across zones.
         Doc Flabby   - Commenting his code to show me how ASSS handles events.
         Mine GO Boom - Keeping me in line and allowing me to continue posting on his forums.
         CypherJF     - Being a cool friend and giving me ideas. (Love ya)
         Sass         - Didn't help me with biller, but he is cool. (Love ya, too)
         Hamm         - Being patient while I was updating the biller.
         Sonic VI     - Allowing me to test my netban command on an actual player and not myself.

         *God*        - For being there for me and allowing me to have the things I need in order to live and code.

*** ~Important Information~ ***
----------------------------------------------------------------------
pid = Player ID
cmd = Command that was sent
arg = argument for that command
bang = user's bang level (5 = Netop ... 1 = Mod [0 for Player] )
out = The thing used to send the message.
----------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Send can be modified to send sounds if you like.
  E.g.: send = "MSG:" + pid + ":12:"; [Use right before out.println()]
  See ?newbie command for more information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ This is the only part I can leave open source because of security issues.
~ Existing commands won't get sent here; there is no use in trying to get passwords this way.

TIP: Don't separate parts of a command with a colon, this will cause multi args and you are only granted one.
     Split them using something else (like a semicolon or something). [Until I edit]
*/

import java.io.*;

public class UBillCmd {

    // Create a way for UBillConnect to get the information to send.

    // Handle all commands here
    public void handleCmd(String pid, String cmd, String arg, int bang, PrintWriter out)
    {
        // This is just to keep you from typing it each time.
        String send = "MSG:" + pid + ":0:";

        // Find out if a command is equal to something below.

        // *About*
        if (cmd.equalsIgnoreCase("about"))
        {
            out.println(send + "I am a simple, lonely biller.  I just sit here and listen to all your commands.");
        }

        // *Bstaff*
        else if (cmd.equalsIgnoreCase("bstaff"))
        {
            // Opens bstaff.txt for reading; try-with-resources closes the file even if a read fails.
            try (BufferedReader in = new BufferedReader(new FileReader("bstaff.txt")))
            {
                String lines = in.readLine();

                // Starts while loop
                while (lines != null)
                {
                    out.println(send + lines);  // Sends the text to the player line by line
                    lines = in.readLine();      // Reads the next line
                }
                // End while loop
            }
            catch (IOException e)
            {
                // If the file doesn't exist or can't be read
                out.println(send + "Unable to locate bstaff.txt.");
            }
        }

        // *Levels*
        else if (cmd.equalsIgnoreCase("levels"))
        {
            out.println(send + "NetOp = 5");
            out.println(send + "Owner = 4");
            out.println(send + "SysOp = 3");
            out.println(send + "SMod  = 2");
            out.println(send + "Mod   = 1");
        }

        // *Poetry*
        else if (cmd.equalsIgnoreCase("poetry"))
        {
            out.println(send + "Roses are red.  Violets are blue.  All my base are belong to you.");
        }

        // ~~ Start Man section ~~
        else if (cmd.equalsIgnoreCase("man"))
        {
            // No argument (or none passed in): list the commands.
            if (arg == null || arg.isEmpty())
            {
                out.println(send + "Ect. Commands:  ?about, ?bstaff, ?levels, ?poetry");
            }

            else if (arg.equalsIgnoreCase("about"))
            {
                out.println(send + "Args: None");
                out.println(send + "Syntax: ?about");
                out.println(send + "Description: Sends a little information about the biller.");
            }

            else if (arg.equalsIgnoreCase("bstaff"))
            {
                out.println(send + "Args: None");
                out.println(send + "Syntax: ?bstaff");
                out.println(send + "Description: Displays biller staff.");
            }

            else if (arg.equalsIgnoreCase("levels"))
            {
                out.println(send + "Args: None");
                out.println(send + "Syntax: ?levels");
                out.println(send + "Description: Displays the different operating levels.");
            }

            else if (arg.equalsIgnoreCase("poetry"))
            {
                out.println(send + "Args: None");
                out.println(send + "Syntax: ?poetry");
                out.println(send + "Description: Displays a simple, geeky poem.");
            }
        } // End Man section

        else if (cmd.equalsIgnoreCase("newbie") && bang == 0)
        {
            // Example of sending things your own way using different sounds and bang levels.
            out.println("MSG:" + pid + ":3:" + "Newb!");
        }

    } // End handleCmd

} // End Class


Edit: Forgot to take a comment out. You can send more than one line of text back.

BDwinsAlt
Posted: Sat Jun 23, 2007 2:09 am

I have a screen shot of my progress. I just now added a small GUI for now. I can pack it into a jar because I won't have to worry about a console anymore. I think it looks better this way. The reason the top is a charcoal color is because my system theme is overriding the Java theme.



The GUI was just something sudden. It wasn't really that complex either. I'll be adding more GUIs to it. I may add a setup GUI so you can just execute a jar and enter the values.

I could also make a name removal system (old names get removed) with this.
A person could set a last login date of something like July 4, 2002 (Pretending the database is that old) and any logins from before then would be deleted.

Any ideas/suggestions?

I plan on making it so you can change the welcome message and network name (like SSBD) while the biller is running.


HUGE thanks again to Smong. I've been using that factory class like crazy. :D

Oops forgot to include a ban/invalid login example. Oh well. You see the basic idea.

Edit: Looks a bit weird for now. I added config (I figured password is more important than network name). BTW, the textfield for greeting has more content in front of it. You can keep typing and typing. It doesn't stop at the edge.

[Attachment: Screenshot-5.png]
[Attachment: Screenshot-4.png]

Smong
Posted: Sat Jun 23, 2007 11:34 am

If you change settings via the GUI do they save back to config files? Or is everything hardcoded? Also that class is a "singleton" apparently, so you'll have to stop calling it a factory :|

BDwinsAlt
Posted: Sat Jun 23, 2007 4:06 pm

But I store lots of objects. I'll just call it a smong class.
The greeting and password are loaded from the file when the setup utility is started. When you click save & quit, it saves whatever is in the boxes to the file. So if you don't change anything it stays the same (Still updates it, but it will be the same information). If you change something, it updates with the new information.

I'm pretty sure the biller loads the password each time a zone tries to connect to see if it matches the current one. It should since I'm pretty sure the greeting does that.

EDIT: I will try to tie up any loose ends and release a beta before my vacation on Wednesday - Sunday.

You guys can beta test it (if you want) and report any issues to me.
I did most of my coding in the middle of the night (12-5am or so) so it may have small grammar issues.

I can't make it better until I know what's wrong with it first. :D

Page 2 of 2
All times are GMT - 5 Hours