mvdevs / jk2mv

JK2MV - improved, modernized JK2 client and server
https://jk2mv.org
GNU General Public License v2.0
108 stars 33 forks source link

Client id for stat tracking #110

Open aufau opened 6 years ago

aufau commented 6 years ago

Provide unique client id to servers for simple tracking systems in serverside mods.

Either port ja_guid from OpenJK that provides rudimentary safety from impersonation attempts, but the id is different on each server (changes with server ip/port). This probably could be ported to a qvm mod so it's a bit superfluous.

Or use a public-key cryptography approach where client has a single public key as its id for all servers and authenticates using matching private key. This is better (single id allows cross-server tracking), safer and can't be ported to mod easily because cryptographic libraries depend on 64bit integer variables.

This requires designing authentication protocol and embedding it into existing connection protocols.

aufau commented 5 years ago

Note: It seems ja_guid OpenJK implementation isn't safe after all. Secret key or equivalent can be probably extracted.