From a security perspective, I see you've released a login/sign-up assistant which looks very interesting. In terms of security for the HTML client in particular, I don't want to store the username/pword, SmartFox server IP, and zone on the client side - what are your thoughts on this?
Hashing these values is marginally better but have you a best practice you would advise here?
HTML client best practice
Re: HTML client best practice
As regards the username/password, they are not stored on the client. They are usually entered by the user and transmitted to the server. In particular the password is not transmitted in clear.
About the IP and Zone, it is not possible to hide them, otherwise how is the client supposed to connect to the right server and Zone?
Paolo Bax
The SmartFoxServer Team
- coolboy714cp
- Posts: 323
- Joined: 06 Feb 2010, 02:45
Re: HTML client best practice
Sorry, I know this thread is quite old, but I had to say something about having the IP/port hiding inside the code.
If you really wanted to "hide" the IP and port from people who don't know anything about coding, you could base64/rot13 encode them, get the encoded string, and when using it in the code, just decode the string using the algorithm you used to encode it.
You could also use JavaScript/jQuery to send an HTTP request to a PHP page to retrieve the IP and port combo from a database, that way they are never exposed in cleartext to anyone viewing your code. Someone will always be able to find the information if they really wanted to though. Wireshark isn't too hard to use to find a connection's remote address and port, and neither is the terminal/command prompt's netstat command.
SFS-Tutorials: http://sfs-tutorials.blogspot.com/
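The base64/rot13 idea from the post above, checked from the other side: an added example (not part of the thread and not SmartFoxServer code) that audits a client script for string literals that decode to an IP:port, showing that such encoding gives no confidentiality. The function names, the sample script and the address 203.0.113.10:9933 are all constructed for illustration; it runs under Node.js.

```javascript
// Added example, not from the thread. Sample values are constructed;
// 203.0.113.10 is a documentation-only address.
const ENDPOINT = /^(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}$/;

function rot13(s) {
  return s.replace(/[a-z]/gi, (c) => {
    const base = c <= "Z" ? 65 : 97;
    return String.fromCharCode(((c.charCodeAt(0) - base + 13) % 26) + base);
  });
}

function fromBase64(s) {
  // Only attempt strings that are syntactically valid base64.
  if (s.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(s)) return null;
  return Buffer.from(s, "base64").toString("latin1");
}

// rot13 leaves digits and dots untouched, so a rot13-only IP:port is already
// caught by "plain"; rot13 only changes anything when layered over base64.
const DECODERS = {
  plain: (s) => s,
  base64: fromBase64,
  "rot13+base64": (s) => fromBase64(rot13(s)),
};

// Return every string literal in `source` that decodes to an IP:port.
function findEndpoints(source) {
  const hits = [];
  for (const m of source.matchAll(/(["'])([^"'\\\n]{4,})\1/g)) {
    for (const [encoding, decode] of Object.entries(DECODERS)) {
      const endpoint = decode(m[2]);
      if (endpoint !== null && ENDPOINT.test(endpoint)) {
        hits.push({ literal: m[2], encoding, endpoint });
      }
    }
  }
  return hits;
}

// Constructed client source with the endpoint "hidden" two ways.
const b64 = Buffer.from("203.0.113.10:9933").toString("base64");
const SAMPLE = [
  'var zone = "ExampleZone";',
  `var hostA = atob("${b64}");`,
  `var hostB = "${rot13(b64)}";`,
].join("\n");

console.log(findEndpoints(SAMPLE));
```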