To be honest, some members of IRC were discussing this and it seems pretty insecure. The ability to kick people from your game and FF them can be easily abused if someone figures out how to access someone’s password to this.
I created this a week or so ago - but for personal use.
I can kick players, shutdown, and execute scripts as well - and even more in my version.
It’s not hard to create a secure web server.
It’s not hard to create a secure web server.[/quote]
It’s not the security of the web server which I’m worried about.
It’s the security of the site in general; how they store data and stuff for example.
It’s not hard to create a secure web server.[/quote]
It’s not the security of the web server which I’m worried about.
It’s the security of the site in general; how they store data and stuff for example.[/quote]
Well, you can A) make a password to access (and the password is hashed) ← this is what I do
B ) make the website accessible on certain IP addresses ← this one is pretty secure
The problem I had was that “Execute local script”. If it’s fetching the source from HTTP then it’s using loadstring somewhere, and that is always asking for trouble.
It also doesn’t look entirely useful. Kick only, no banning, doesn’t report the gameId of the server or what gameId the player is joined on, no sorting/group of the players by gameId or play time, players list is only online players or so it looks like, and the chat log has no sorting it looks like.
@Xeptix
This looks absolutely amazing! Is it connected with HttpService, or something else? Also, when will it be released?
[quote] @Xeptix
This looks absolutely amazing! Is it connected with HttpService, or something else? Also, when will it be released? [/quote]
whoops, I wasn’t very clear.
What I meant is I created a tool like this about 2 weeks ago, but for personal use.
though I didn’t create the exact tool shown in the video.
[quote] @Xeptix
This looks absolutely amazing! Is it connected with HttpService, or something else? Also, when will it be released? [/quote]
whoops, I wasn’t very clear.
What I meant is I created a tool like this about 2 weeks ago, but for personal use.
though I didn’t create the exact tool shown in the video.[/quote]
Ohhh, okay. Well, I still can’t wait for this things release 
The one pictured is by Rootx, formally known as UnusualDivinity.
It’s secure. All of our traffic is encrypted via SSL.
Our database management relies on MySQL, which we control using PDO. Every SQL statement first passes through PDO::prepare. Regarding passwords; they are encrypted using MD5 with our own salt.
[quote] It’s secure. All of our traffic is encrypted via SSL.
Our database management relies on MySQL, which we control using PDO. Every SQL statement first passes through PDO::prepare. Regarding passwords; they are encrypted using MD5 with our own salt. [/quote]
Can’t wait for a beta release.
Also keep in mind that that video is not the final product. It’s a beta look.
It will have more features, such as better sorting, player banning, global banning (to take care of nasty exploiters), etc. We can only hope this service will not be abused, if it is, that is not our problem. The user is responsible for their own actions towards their server. We’re not the NSA, every user should have the right to do what they want.
Also regarding the service abusing: there will not be public registration for quite some time (if ever). You will only be able to submit a request to us, and if we accept you, then you can use Roverse.
If there are any other questions, please feel free to ask us.
I accidentally DDoSed a text hosting site a few months ago when my game picked up :dry:
I was using it for in-game notifications and people kept getting errors as notifications >_>
Thankfully we most likely won’t have to worry about that, seeing as we are the owners of the servers, and can manage for the time being. If we get a lot of people using Roverse, we’ll have to migrate, or buy additional servers.
New setup video!
[quote] It’s secure. All of our traffic is encrypted via SSL.
Our database management relies on MySQL, which we control using PDO. Every SQL statement first passes through PDO::prepare. Regarding passwords; they are encrypted using MD5 with our own salt. [/quote]
I hope you actually know the difference between hashing and encryption. Also, do not use MD5. You should be using bcrypt and user specific salts.
The idea behind this is really cool, you’ve got some cool features already. I look forward to seeing what comes of it. I’m also familiar with PHP, so if you’re looking for another developer I would be really interested in taking up the role.
Here’s a quick post based security test demonstration video.
Unless you’re logged in, you cannot execute commands remotely with the post data.
[quote] Here’s a quick post based security test demonstration video.
Unless you’re logged in, you cannot execute commands remotely with the post data. [/quote]
Isn’t your site based on this site?