Server Help

[Quan Chi2]

Is it? And about how long would it take to finish coding it if you spend 2 hours on it a day?

[CypherJF]

Anything isn't difficult if you know how to do it.

In my opinion, using the new ASSS simple chat protocol, it's not very difficult at all. The VIE eq. (subchat) takes a bit more work.
_________________
Performance is often the art of cheating carefully. - James Gosling

[Dr Brain]

http://www.sscx.net/hyperspace/chat.html

I've been working on that in my spare time. It's not finished, but it wasn't especially hard. Just a lot of detail work.
_________________
Hyperspace Owner

Smong> so long as 99% deaths feel lame it will always be hyperspace to me

[Guest]

that is really nice... what about the security though ?:/ can i safely use my main nick on it : )

also what if someone does cross zone spamming through it and should be banned.. then what ?

[Muskrat]

You do the same thing you would do on any other client?

[Dr Brain]

They can still be banned.

Your password is sent in plaintext across the internet with all of the chatnet clients. I don't think it's a big deal to do it like this, because anyone with access to your packets could steal your password with subspace too.

[Donkano]

You should MD5 hash it so then people have someone to blame.

[Solo Ace]

Then the MD5 hash would be sent to the biller how?

I think this is the wrong forum for threads like these, but whatever.

[Mr Ekted]

[Bak]

what if the server sent a random string, that was tacked onto the end of the password and then hashed, so a different hashvalue would be required every time you log in?
_________________
SubSpace Discretion: A Third Generation SubSpace Client

[Mr Ekted]

Then the "man in the middle" could see that hash and reply likewise. You still can't un-hash the password on the server, so the stored result would be meaningless.

[Bak]

when you create an account or change the password the actual value would be sent to the billing server, but when you login the biller would tell the client the random string to tack on to the end, and compare the hash sent to what it should be, so that unless you catch the password when the account is being created or password is being changed, you have no way of finding out what it is. You don't need to un-hash the password on the server's side, just compute what the hash should be and compare the hashes.

A man in the middle would not be able to get your password for future use, only for that session.

[Dr Brain]

That would require client, server and biller changes. You can be darn sure that it will never happen.

[Bak]

chatnet clients can be changed, so can ASSS, and so can some open source billers

[Mr Ekted]

You are correct Bak. However, if the "hacker" viewed the initial password exchance then he would be able to login as normal. This solution effectively narrows the window of opportunity.

[Quan Chi2]

do you need to pay for anything to do all of this?

[Bak]

(shakes head) what? pay who?

[Purge]

Yeah, you can pay me.

[Quan Chi2]

I don't know.. to connect everyone

[SamHughes]

Chatnet operates via a parallel universe where bandwidth is free.

[Quan Chi2]

lol parallel universe lol

Sounds so Twilight zone.. lol