Tag Archives: sfs2x

SFS2X memory settings and garbage collection (part 2)

In our previous chapter we have talked about the JVM memory configuration: when to use the defaults and when it might be necessary to fine tune the settings. We also touched on potential side effects of manual tuning and how it can sometimes backfire, for example, forcing the Garbage Collector (GC) to work harder.

In the second part of this series we are taking a look at the different Garbage Collectors available, which is the best for a specific use case, and when it’s useful to switch to a different implementation.

Continue reading

Using a database in Overcast (part 3)

In the third (and last) part of this series we are taking a look at using the JDBC API to access a database via SFS2X Extensions. While this approach takes a bit more coding compared to the DBManager API (which we have explored in part 2) it also provides more sophisticated features such as working with metadata and advanced data types.

Continue reading

Using a database in Overcast (part 2)

In the previous installment of the this tutorial we have learned all the steps to create a database server in Overcast and connect to it from an existing SFS2X instance.

In this new chapter we are going to explore the database API that can be used to query the database from server side, using SFS2X Extensions.

If you are new to server side coding we highly recommend to get started with this article from our documentation, before proceeding with the rest of the tutorial.

Continue reading

Using a database in Overcast (part 1)

In this new article in the series dedicated to Overcast, the cloud solution for SmartFoxServer 2X, we will describe how to use a database server alongside SmartFoxServer.

In this first part of the article we will focus on launching the database, populating it with some test data and configuring SmartFoxServer to connect to it. In the second and third parts we will deploy an Extension in SmartFoxServer to test the connection with a query.

Continue reading

Running multiple SFS2X instances (Tomcat edition)

For those interested in running multiple SFS2X instances on the same machine we have a short guide on how to setup each server correctly avoiding port conflicts.

In particular since SFS2X 2.14 we have switched from Jetty to Tomcat for the HTTP-related services and our previous article on the same topic no longer applies.

Continue reading

Feb 2021 vulnerability reports

At the start of 2021 three vulnerability reports were published describing alleged SmartFoxServer 2.17.0 (the latest version as of March 2021) exploits. We exchanged several emails with the individual who created the reports prior to their publishing, pointing out evident flaws in the findings but they were still published without correcting those glaring mistakes.

The reports

The following are the reports in question:

They all refer to a so called “God Mode Console”, an additional Admin Tool module which is always inactive by default in any SmartFoxServer installation. The module can be activated by an Admin via multiple manual steps and it can be used to debug a live server at runtime, typically when a bug or issue cannot be reproduced locally but it manifests in a live environment.

NOTE: the console cannot be activated or remotely accessed. It requires the server admin to manually activate it and use it.

Given this premise it goes without saying that the first “vulnerability” report is a just an example of bad security reporting. The whole point of the console is to execute arbitrary commands and an attacker that has local access and credentials to enable the console is already in control of the target server. Even after explaining these points to the “researcher” prior to publication, he went ahead and posted the alleged exploit.

The 2nd entry in the list claims that the Admin password is stored in clear text, which is correct, and flags it as medium threat. We agree with the claim and we can also provide further details: there aren’t many better ways to secure such password and a clear text file can be efficiently secured by way of user permission management.

For more info on securing clear-text passwords, please take a look at this discussion on StackOverflow.

The 3rd and last entry reports an XSS (cross site scripting) exploit without actually showing any evidence of the “cross site” part. As already clarified this is an admin-only console that is not accessible to the outside world and disabled by default, but the author willfully ignored it and reported it as a vulnerability.

If there’s any other questions regarding these issues you can get in touch with us via the support section found on our website.

How to deploy a game in Overcast

In this third article in the series dedicated to Overcast, the cloud solution for SmartFoxServer 2X, we will focus on the deployment of your games onto a cloud server.

For this purpose we will use one of the existing SFS2X examples, the Tris game (aka Tic-Tac-Toe), which we released for almost all supported platforms. We will refer to the Unity version of the example, but all the concepts relevant to the purpose of this article apply to any version.

If you are new to SmartFoxServer, don’t worry: we will also provide some context and guidance to get started!

Continue reading

Launching SmartFoxServer in the cloud

In early November 2020 we have launched a new cloud service called Overcast which joins the family of SmartFoxServer products.

In this short series of articles we will be taking a look at how Overcast works, how to get started and and how it can help new or existing projects based on SmartFoxServer.

Continue reading

The SmartFoxServer Cloud is here!

We are happy to announce the launch of Overcast, a dedicated cloud-based hosting service for SmartFoxServer 2X that provides a complete stack to build and run rich multiplayer games at any scale.

With Overcast developers can deploy any number of SFS2X instances in the cloud, world-wide, with a simple web-based interface. Each instance runs in its dedicated server with unlimited CCU and provides 100% of the SmartFoxServer 2X features.

For a full presentation of the service make sure to read this introduction to Overcast.