Problem description:
So, I was doing some work on that one probably-never-ready project I've done bits and pieces on few and far between and wanted to cache a local password on the client's side. There are a few things I can think of to work around, but I'm not exactly sure about client-side functions (specifically using BYOND). Any articles/tutorials anyone recommend? Am I wanting to take a wrong approach to this? I wasn't sure of how secure the method would be, or if there were a secure way of doing this.
I mean, most games available (MMO-esque) allow you to save your password, but I don't want the un-hashed password lying around somewhere. (Of course, I could accept login based on if the password presented matches the hash or a hashed version of the password, i.e.: if(password==hashed_saved_password||hash(password)==hashed_saved_password)) More modern games seem to require you to enter your password no matter when logging on.
Should I just abandon the idea?
I thought so, I just like being able to delve into a game as quickly as possible. I currently have a salted hash setup for the passwords, figured I'd set it up after the recent "cryptoBYOND" topic in the tutorial section. Read through the article posted and was trying to come up with a way to allow the client to save their password for quick login. Oh well, not like it takes forever to type in a password.
In response to A.T.H.K
I actually do want to provide some limited access to the local/session storage info. The problem is that this info would be based on the server's address, so it wouldn't be helpful across multiple servers for the same game. I'm looking for ideas on that so if you have any suggestions, maybe a new thread in Feature Requests would be a good idea.
Client-side saved passwords are just a terrible idea, sorry... it is.
Just make them log in each time. As far as I'm aware you won't be able to utilize sessions in the webclient, so a cookie would be another alternative; even then, that can't always be safe.
Hash + Salt may work, but I honestly would suggest staying away from saving anything client side; none of the connections from server to player/player to server are encrypted either.
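Added example, not part of any post in this thread and not BYOND/DM code: a Python sketch of why the check floated in the question makes the saved hash as good as the password, next to a cookie-style alternative where the server issues a random, expiring, revocable token. The salt, password, account name, lifetime and all function names are constructed for illustration.

```python
import hashlib, hmac, secrets, time

SALT = b"constructed-salt"      # constructed sample value
TOKEN_TTL = 7 * 24 * 3600       # assumed token lifetime: one week
_tokens = {}                    # sha256(token) -> (account, expiry); server side only

def hash_pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

STORED_HASH = hash_pw("correct horse")   # constructed sample account password

def login_accepting_hash(presented):
    """The check from the question: accept the password or its stored hash."""
    same = lambda a, b: hmac.compare_digest(a.encode(), b.encode())
    return same(presented, STORED_HASH) or same(hash_pw(presented), STORED_HASH)

def _key(token):
    # Only a digest of the token is kept, so a leaked server table
    # does not hand out usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(account, now=None):
    """Called after a normal password login; the client saves the return value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)    # random, unrelated to the password
    _tokens[_key(token)] = (account, now + TOKEN_TTL)
    return token

def login_with_token(token, now=None):
    """Return the account name for a valid token, else None."""
    now = time.time() if now is None else now
    entry = _tokens.get(_key(token))
    if entry is None:
        return None
    account, expiry = entry
    if now >= expiry:                    # expired: forget it, force a password login
        del _tokens[_key(token)]
        return None
    return account

def revoke_all(account):
    """Drop every saved login for an account (e.g. on password change)."""
    for k in [k for k, (a, _) in _tokens.items() if a == account]:
        del _tokens[k]
```

With the first check, a copy of the saved hash logs in forever; with the token, a stolen copy stops working at expiry or revocation and never reveals the password. The token still travels over the same connection the last reply describes as unencrypted, so this limits what a captured value is worth rather than preventing capture.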