Open ExtReMLapin opened 8 years ago
Let met explain why it's problematic :
Let's say we have a drm/statistic system using http.Fetch.
Well, on NFO, using http.Fetch will not use the server's ip (+ip arg), so it's hard to tell if it's the real one.
A token would be better authentication than an ip.
that's no the point, also, we already use a private key to auth the client, but here is also a server linking system, to prevent any leak.
Anyone can leak the addon with the private key and before we detect it, it can takes us few hours, and that's enough for anyone to crack the DRM, the server linking system is here to prevent this.
It's an issue that would need to be fixed, on another hand for example, server's behind proxies(or protection such as blacklotus) would be exposed to attacks.
This is more a feature request then a bug.
@aStonedPenguin Seems like an unintended behaviour to me; there's a lot of issues that arise from different IPs being used between identification and literal usage
I don't think you can select the source IP address in the Steamworks SDK thats what HTTP uses after all. Also after all you may not be able to get around the routes, I suggest use a certificate or something else.
Any news ? it's really really annoying.
Go beg Valve to implement binding the socket to the specified address, it remains impossible without Valves help.
if you specify an IP with +ip, the http lib is not going to use it.