New Functionality Neccassary- STOP SPOT STEALERS

[REVENGE]

Infolog for host only seems reasonable, they can easily get the IPs anyways.

that is no valid argument for security concerns. it is like saying ISPs should store/give out info about their clients (eg IPs) however they want, cause they can get that info.

Huh, I thought we meant infolog for hosts only. So it's more like ISPs storing the info of their clients in a convenient location, vs. an inconvenient one.

[hoijui]

it is not inconvienient vs convienient, it is short time vs long time.
Now, the IPs are only in memory as long as the game runs. Afterwards they would be on the HD as long as the infolg(s) is/are not deleted. In theory it still stays autohost local, but in practice, the infolog may be copied to the forum when the game crashed, or end up in googles cache through some web interface of the autohost.

[el_matarife]

I wanted to add the IPs (MAC is useless) to the infolog, but was defeated by bawwwing of random people concerned about "security".

I don't see how MAC is useless since those are guaranteed unique unless someone changes them, and they're also long enough that they can be hashed for anonymity, unlike IPv4 addresses. Apparently there's actually a standard called UUID for making a unique identifier for all your users based on hardware which relies heavily on MAC addresses. I'm fine with whatever can give us a unique, anonymous identifier based off some combination of or either hardware or network location.

[aegis]

Infolog for host only seems reasonable, they can easily get the IPs anyways.

that is no valid argument for security concerns. it is like saying ISPs should store/give out info about their clients (eg IPs) however they want, cause they can get that info.

they do, for legal reasons.

[Argh]

I don't see how MAC is useless since those are guaranteed unique unless someone changes them

Just bear in mind, many laptops and fair number of PCs have network cards where the MAC is a generic string given to every network card in that model series. It's certainly not foolproof ID, and of course it can be spoofed. However, I suspect that 99% of the time, MAC + IP is enough to generate a valid result.

The 1% are serious hackers who are going to be very hard to stop in any way using Spring's current systems, should they feel like being a pain in the arse. There have to be dozens of ways they can launch DoS attacks on the Official Server or skip around bans via proxy just to make life hell for Moderators, and since they can create a new ID instantly, no system of unique tokens will keep them out reliably.

[aegis]

you underestimate my powers greatly ^_^

[Argh]

Meh. I assume that my understanding of this at an implementation level is pretty much zero, frankly. I just figure that it's gotta be kinda hard to keep people from hammering the server in various ways or being cute little terrorists of the community atm.

I mean... I remember when it was possible to do DoS-style attacks just by spamming text over and over again, or by using funky characters, both of which required zero hacking skill. That it's no longer possible to use such crude tactics is cool, but I'm less than totally sanguine about the prospect of a more serious attempt, frankly.

[el_matarife]

Just bear in mind, many laptops and fair number of PCs have network cards where the MAC is a generic string given to every network card in that model series. It's certainly not foolproof ID, and of course it can be spoofed. However, I suspect that 99% of the time, MAC + IP is enough to generate a valid result.

Mac addresses can be edited by the utilities included with pretty much any network card and a few generic utilities I think, but they are guaranteed unique by default unless there was some gigantic manufacturer screwup. I have heard some of the more low rent Ethernet card add in manufacturers had duplicated whole stings of MACs back in the late 90s, but that shouldn't be a concern today. MAC addresses must be unique on the local physical network for ARP and thus TCP/IP to even work anyway.

[Argh]

Hrmm. So, what's going on with all those WiFi cards, where they all have the same MAC address, then? Is it being assigned a fake MAC by the WiFi transmission station when the user's hardware initially signs on and creates a session? Sorry, I know that's a stupid question, if you're a network guy... just curious.

[el_matarife]

Hrmm. So, what's going on with all those WiFi cards, where they all have the same MAC address, then? Is it being assigned a fake MAC by the WiFi transmission station when the user's hardware initially signs on and creates a session? Sorry, I know that's a stupid question, if you're a network guy... just curious.

It could be a lot of things like that. Certain routers are designed to clone the mac address of all attached computers when passing data upstream for instance. I highly suggest reading up on the OSI 7 layer model to get a sense of how an actual packet travels from the application layer where you have Spring or other applications, all the way down to the physical layer where the transmission methods like Ethernet hang out, and back up again.

http://en.wikipedia.org/wiki/MAC_address
http://en.wikipedia.org/wiki/Media_Access_Control
http://en.wikipedia.org/wiki/OSI_model

[imbaczek]

Mac addresses can be edited by the utilities included with pretty much any network card and a few generic utilities I think

regedit is enough on windows, you just need to know where to look. it works even if driver options don't have a hardware address field.