Advertisement
[4.2] The Auth System
#11
Posted 31 July 2012 - 12:09 PM
I highly recommend that Server Admins who choose to use Auth and have it enabled to not use the GUIDs, they are not exactly trustworthy and about as usefull (if not less so) than a IP Address.
We don't use GUID as a part of the Auth System at all, we use our own code "on top" what is there in Quake 3. There is no dependancy between our system and anything Quake 3 uses.
Many Thanks!
We don't use GUID as a part of the Auth System at all, we use our own code "on top" what is there in Quake 3. There is no dependancy between our system and anything Quake 3 uses.
Many Thanks!
#12
Posted 31 July 2012 - 01:32 PM
Thats pretty natural that Auth do not use GUID, however I was wondering about this, because I (and many other server admins) have some kind of stats (eg. xlrstats) and huge user databases for their servers and they were guid based. I know that Courguette will do magnificent job with adapting BBB to 4.2, however I hope that we won't have to clean old databases. Will user GUID still be in log, even with auth_enable 1?
#13
Posted 31 July 2012 - 01:57 PM
Are the auth credentials cached somewhere in the game folder? I've seen on at least one occasion where two people that were family members but clearly lived in different residences had the same GUID on one of our servers. If credentials are cached, then two people could try to connect at the same time with the same account.
Which brings me to another question -- what happens if two people do try to use the same credentials at the same time?
Also, do you have any waiting periods on account activation to help prevent ban evasions where hackers just come right back?
Which brings me to another question -- what happens if two people do try to use the same credentials at the same time?
Also, do you have any waiting periods on account activation to help prevent ban evasions where hackers just come right back?
#15
Posted 31 July 2012 - 02:04 PM
Garreth, on 31 July 2012 - 01:32 PM, said:
Thats pretty natural that Auth do not use GUID, however I was wondering about this, because I (and many other server admins) have some kind of stats (eg. xlrstats) and huge user databases for their servers and they were guid based. I know that Courguette will do magnificent job with adapting BBB to 4.2, however I hope that we won't have to clean old databases. Will user GUID still be in log, even with auth_enable 1?
Make a copy of the qkey file and put it in the base 4.2 folder. cl_guid will be the same then. we do not manipulate cl_guid in any fashion, even with auth_enable 1.
Cheers... s.e.t.i.
[img]http://www.urbanterr...ers/13.0.80.png[/img]
[img]http://www.urbanterr...ers/13.0.80.png[/img]
Advertisement
#17
Posted 31 July 2012 - 02:56 PM
1 Question , is there an option where server admins can turn off the notoriety message thats is shown when user connects ? i mean the username.
i belive there are lots of players that like to play without ppl boring them because they are well known .
instead of showing the message ex: Kuspix well known player connected , could be smth like ex : A well known player connected.
having the possibility of SA turn it off or on the nick/login info shown
If not will you do it in upcoming updates ?
1 more thing , this notoriwty is by H played ? so if someone leaves is auth on is private server all day not playing get notoriety or you sorted by x time movement ?
i belive there are lots of players that like to play without ppl boring them because they are well known .
instead of showing the message ex: Kuspix well known player connected , could be smth like ex : A well known player connected.
having the possibility of SA turn it off or on the nick/login info shown
If not will you do it in upcoming updates ?
1 more thing , this notoriwty is by H played ? so if someone leaves is auth on is private server all day not playing get notoriety or you sorted by x time movement ?
This post has been edited by Kuspix: 31 July 2012 - 02:59 PM
#18
Posted 31 July 2012 - 03:08 PM
icarebecauseyoudo, on 31 July 2012 - 02:14 PM, said:
I know, right?!
You should, I had to ban you maybe 40-50 times. You made it clear right from the start that you have no respect for the right of server owners to set their own rules. You also went on and on in chat about how bad my clan's servers were, yet even after it was clear you weren't welcome, you kept coming back? It seemed to be amusing for you, but it was a waste of everyone else's time.
Seeing as you brought it up: For server owners/operators out there who think that they have the right to choose who plays on their servers and what is appropriate behaviour, it is my strong recommendation that you ban this player, a.k.a Intrinsic.
[img]http://i.imgur.com/OQ7HC64.gif[/img]
#19
Posted 31 July 2012 - 04:00 PM
Divinity, on 31 July 2012 - 01:57 PM, said:
Also, do you have any waiting periods on account activation to help prevent ban evasions where hackers just come right back?
This. Eventually implementing a 3-hour activation delay in the absence of being able to restrict the number of auth accounts per player makes sense to me.
#20
Posted 31 July 2012 - 04:44 PM
Todd, on 31 July 2012 - 04:00 PM, said:
This. Eventually implementing a 3-hour activation delay in the absence of being able to restrict the number of auth accounts per player makes sense to me.
Players already have to create a new email address in case they want to do this. Things like 10minutemail are not accepted, so they will have to deal with captchas, etc. And obviously things like gmail don't allow people to create 10 or more email accounts per ip. And if we notice, that there are like 10 accounts on 1 ip, all with different email addresses, obviously something is going on. While not perfect, it's a whole lot harder for people to do this with the new system.
2 User(s) are reading this topic
0 members, 2 guests, 0 anonymous users
Advertisement