Hmm, how are usernames/passwords store and how secure is this?
Is this game using an third-party datastore service to be able to ban people in a game and show bans on another and how would that be funded?
VERY COOL concept, by the way
This looks sick! One question though. You said this is advanced. I’m wondering, what will this have that other admin systems don’t? Why should we choose this upon full release?
I will just give one feedback, allow toggle dark theme / light theme UI. Some people prefer dark theme UI as they usually comfortable for eye
1 Like
This looks really cool! I wish you would’ve released it publicly, but I understand a public database would be pretty costly.
Alright, thanks for the suggestion. I will note that down to be added in the future!
@Pearielqs It is using a third party database set up by me, and once you create an account and save your password, that password is encrypted and will not get decrypted again.
Currently it doesn’t require any money for me to run this, however expanding in the future (when maybe like 20+ groups use voxel) it might cost money for me, but for that I have Voxel+ in mind.
That would be a monthly membership people can pay for which gives them special perks.
@lanjtlike When I open the application phase in like spring, group owners will be able to apply and I will then select the groups which will get early access to a own database, but yeah. I don’t want to release it entirely public, since I still want it to remain something special and not become like adonis.
Account creation however is and will remain public, just not everyone will get their own database.
@Chordily Well, Voxel (the database tool) has accounts, which makes it easier for admins to give perms to people on their databases. Besides that im putting high value on customizability, hence the account system, which will feature custom profile pages at a later point. Then there also are a lot of options for database owners, such as making their database public in a way that everyone can have a look at the banlists and warn lists. I wish I could say more about the ingame panel, but I don’t have any specific plans for that yet. Oh and also, Voxel will feature a discord bot which can be linked to a database and then synchronize discord bans with game bans if group owners wish to.
1 Like
I like your UI and all in this creation, but the login screen strikes me as a big no-no. There have been big arguments about these on posts in the past (see Is there a way to use a for loop with a database? - #36 by buildthomas) about how login screens are questionable when it comes to TOS and are unnecessary in general.
I will say the same thing as I did in Making a textbox password box? - #7 by Vulkarin, you don’t need a username/password combination to login. By bringing your account into the roblox game you are already authenticated, so please save yourself the trouble and just skip the login.
And please don’t use easy as an argument, remembering a username/password will never be easier than simply being whitelisted.
2 Likes
You can go with some sort of API key mechanism where your server receives the API key and the authenticated user ID, that way you can validate a particular request comes from a game server from that particular user. It makes much more sense from a security perspective to keep Roblox accounts linked 1:1 to accounts on your third-party system.
For third-party login without needing additional passwords, you can support this feature request with your use case: Log in with ROBLOX, OAuth, SSO - #20 by PMGDesigns
2 Likes
I like it, but there is one thing I would add. A button that toggles dark/light mode.
I did this because I cannot transfer voxel accounts. I built this whole system up on an account system and it would just not work if I changed this now. For the people who don’t trust me enough, there still is a way to log in as “guest”. This game will be at some point moved to a website anyways and is just temporary.
This account system makes it possible for me to have custom profile pages. However, if someone looses their roblox account, this is a big security risk for database owners, plus I cannot transfer their voxel account. If people don’t trust me, sure. That’s their thing. They don’t need to use voxel nor have an account there. All the stored stuff is encrypted and that’s the highest security that I can provide.
Plus, people don’t need to use a actual password which they use on other sites.
When it’s moved to a website then you can have the login stuff. However, what you are currently showing is in studio (and may be live in-game?) so TOS still apply to it. That means the login screen still remains questionable. Personally, I wouldn’t want to risk my account being moderated due to that login screen if I was the developer (which in my opinion, is unnecessary anyway).
That’s the life of developing something before considering design flaws. If this project is truly in early development then it shouldn’t be the end of the world to switch it.
What does this do behind the scenes database wise? Do your kick/bans/warns save if you use a guest? If they do, why would people bother to login in the first place?
Using your roblox account as authentication can have these too, I don’t see why you mention it.
They could also lose the game that the admin system is running on. I don’t think this point is a big deal with that in mind; if you lost your roblox account then the game is compromised regardless of the admin database’s integrity.
They could also lose the game that the admin system is running on. I don’t think this point is a big deal with that in mind; if you lost your roblox account then the game is compromised regardless of the admin database’s integrity.
I was referring to the user accounts. If a game gets compromised thats still fine, since what you saw in the video above is not being given to anybody. That will be a seperate game. But it is a security risk for database admins if one of them loses their account and someone goes into the database and for example just gives everyone infinite ammo. Voxel will also serve as a replacement for datastores, since its easier to manage data like that.
What does this do behind the scenes database wise? Do your kick/bans/warns save if you use a guest? If they do, why would people bother to login in the first place?
Guest accounts are for normal users who just want to take a look at public databases.
Admins will be required to have an account.
That’s the life of developing something before considering design flaws. If this project is truly in early development then it shouldn’t be the end of the world to switch it.
It would be a huge code rewrite, for which I don’t really have the time.
No offense but a login system is pretty pointless when you can literally just check Player UserIds. Having a username password system also allows for the chance someone may have the password giving them the chance to use it if they aren’t supposed to. Although I am sure you spent time on the login system, it really is a pointless system which I am guessing is to mock other systems that aren’t games, therefore requiring the system in some way.
Also having a fake loading bar that takes that long to finish is pretty pointless. I would not want to use something that takes that long to open knowing the loading bar doesn’t even need to exist. I could go further on some of the UI you have there but I believe I have said enough for now.
I was too.
The game getting compromised is very significant. I understand that your database would be safe from such a case, but if the attacker has edit access to the game then the integrity of your database is irrelevant at that point. Why waste time with infinite ammo when the attack can do whatever they want.
I understand, but that excuse won’t hold if the admin system gets caught up with Roblox moderation. It’s something you should strongly consider before releasing it.
I understand, but that excuse won’t hold if the admin system gets caught up with Roblox moderation. It’s something you should strongly consider before releasing it.
I will see about that and possibly contact a mod before that to get stuff cleared.
The game getting compromised is very significant. I understand that your database would be safe from such a case, but if the attacker has edit access to the game then the integrity of your database is irrelevant at that point. Why waste time with infinite ammo when the attack can do whatever they want.
Elaborate on that. I do not really understand what you are trying to say there.
All the account system is trying to protect is if a normal user gets compromised, to make the attacker unable to interact with the database.
This is actually not a good method at all (from my understanding) as people can simply use a Base64 Decoder. Instead with my personal opinion I would use HashLib - Cryptographic hashes in pure Lua since this supports many different hashs. If I am wrong please correct me.
EDIT: I’m a complete idiot, ignore me.
It is encrypted using a custom number. Someone would need to go trough millions of numbers in order to find the one I encrypted it with.
1 Like
Sorry, what? I was replying to him asking what 67-bit encryption is? I also don’t think he understands that encrypting all data at rest for this kind of application doesn’t make sense as it will sarcastically hurt query performance. It’s better to hash passwords instead of using encryption, methods such as Argon2, Bcrypt, or even PBK are way better than using base64 or any other method. Base64 is not built for that.
To be honest, I would actually want to try this out now! It looks so cool and well-made! Good job bro!
Just wanted to say that the project is still alive and being worked on, however we are in need of developers. So if anyone reads this and is interested in helping, then go and take a look at this The Voxel Project is hiring [OPEN]