Server Side - Connection Phase/Handshake Modification

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

MrRiktor
Posts: 13
Joined: 18 Feb 2014, 21:53

Server Side - Connection Phase/Handshake Modification

Postby MrRiktor » 06 Apr 2021, 20:10

Hey,

A piece of functionality I am looking for is effectively approving a "footprint" of the application connecting to my server.

My use case is:
1. Client Application is created and hold a "footprint id".
2. User attempts to connect to SFS server using IP and Port.
3. User provides the server the "footprint id" within either the connection phase or in response to the connection phase.
4. Server determines whether connection is from a valid application
5. Server kills any connection that did not provide a valid id.

I was wondering before I try to create an extension that does this, is there any functionality already implemented to accomplish this?

I am effectively trying to mitigate connections to the server to only connections that can provide this footprint.

Thanks!
User avatar
Lapo
Site Admin
Posts: 23008
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Server Side - Connection Phase/Handshake Modification

Postby Lapo » 07 Apr 2021, 08:00

Hi,
you could add the footprint id as custom data to the client login request.
This way the server side Extension can validate the credentials (if necessary) and the footprint id.

The client side LoginRequest supports passing a custom SFSObject containing any data. On the server side you can extract the object like this:

Code: Select all

public class LoginEventHandler extends BaseServerEventHandler
{
   @Override
   public void handleServerEvent(ISFSEvent event) throws SFSException
   {
      String name = (String) event.getParameter(SFSEventParam.LOGIN_NAME);
      String pass = (String) event.getParameter(SFSEventParam.LOGIN_PASSWORD);

      SFSObject obj = (SFSObject)  event.getParameter(SFSEventParam.LOGIN_IN_DATA);

      // validation code here...
   }
}

If you're not familiar with how a login Extension works check this article from our docs:
https://smartfoxserver.com/blog/how-to- ... tom-login/

Just one note of caution: the approach you've mentioned can work if the client is not easily reverse-engineerable, otherwise an attacker would still be able to decompile your code, extract the token/footprint id and use it to bypass the check.
I'd recommend hiding such token with proper code obfuscation at least.

Hope it helps
Lapo
--
gotoAndPlay()
...addicted to flash games
MrRiktor
Posts: 13
Joined: 18 Feb 2014, 21:53

Re: Server Side - Connection Phase/Handshake Modification

Postby MrRiktor » 07 Apr 2021, 15:45

I Appreciate the fast response Lapo. That was my thought as well, I was just checking to see if there was a way to do this in the Connection Phase vs. the Login Phase. I know for connection, "extension" is the wrong word since extensions are on the zones. Was just curious before I submitted this as the possible solution.

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 42 guests