You can go with some sort of API key mechanism where your server receives the API key and the authenticated user ID, that way you can validate a particular request comes from a game server from that particular user. It makes much more sense from a security perspective to keep Roblox accounts linked 1:1 to accounts on your third-party system.
I did this because I cannot transfer voxel accounts. I built this whole system up on an account system and it would just not work if I changed this now. For the people who donât trust me enough, there still is a way to log in as âguestâ. This game will be at some point moved to a website anyways and is just temporary.
This account system makes it possible for me to have custom profile pages. However, if someone looses their roblox account, this is a big security risk for database owners, plus I cannot transfer their voxel account. If people donât trust me, sure. Thatâs their thing. They donât need to use voxel nor have an account there. All the stored stuff is encrypted and thatâs the highest security that I can provide.
Plus, people donât need to use a actual password which they use on other sites.
When itâs moved to a website then you can have the login stuff. However, what you are currently showing is in studio (and may be live in-game?) so TOS still apply to it. That means the login screen still remains questionable. Personally, I wouldnât want to risk my account being moderated due to that login screen if I was the developer (which in my opinion, is unnecessary anyway).
Thatâs the life of developing something before considering design flaws. If this project is truly in early development then it shouldnât be the end of the world to switch it.
What does this do behind the scenes database wise? Do your kick/bans/warns save if you use a guest? If they do, why would people bother to login in the first place?
Using your roblox account as authentication can have these too, I donât see why you mention it.
They could also lose the game that the admin system is running on. I donât think this point is a big deal with that in mind; if you lost your roblox account then the game is compromised regardless of the admin databaseâs integrity.
They could also lose the game that the admin system is running on. I donât think this point is a big deal with that in mind; if you lost your roblox account then the game is compromised regardless of the admin databaseâs integrity.
I was referring to the user accounts. If a game gets compromised thats still fine, since what you saw in the video above is not being given to anybody. That will be a seperate game. But it is a security risk for database admins if one of them loses their account and someone goes into the database and for example just gives everyone infinite ammo. Voxel will also serve as a replacement for datastores, since its easier to manage data like that.
What does this do behind the scenes database wise? Do your kick/bans/warns save if you use a guest? If they do, why would people bother to login in the first place?
Guest accounts are for normal users who just want to take a look at public databases.
Admins will be required to have an account.
Thatâs the life of developing something before considering design flaws. If this project is truly in early development then it shouldnât be the end of the world to switch it.
It would be a huge code rewrite, for which I donât really have the time.
No offense but a login system is pretty pointless when you can literally just check Player UserIds. Having a username password system also allows for the chance someone may have the password giving them the chance to use it if they arenât supposed to. Although I am sure you spent time on the login system, it really is a pointless system which I am guessing is to mock other systems that arenât games, therefore requiring the system in some way.
Also having a fake loading bar that takes that long to finish is pretty pointless. I would not want to use something that takes that long to open knowing the loading bar doesnât even need to exist. I could go further on some of the UI you have there but I believe I have said enough for now.
The game getting compromised is very significant. I understand that your database would be safe from such a case, but if the attacker has edit access to the game then the integrity of your database is irrelevant at that point. Why waste time with infinite ammo when the attack can do whatever they want.
I understand, but that excuse wonât hold if the admin system gets caught up with Roblox moderation. Itâs something you should strongly consider before releasing it.
I understand, but that excuse wonât hold if the admin system gets caught up with Roblox moderation. Itâs something you should strongly consider before releasing it.
I will see about that and possibly contact a mod before that to get stuff cleared.
The game getting compromised is very significant. I understand that your database would be safe from such a case, but if the attacker has edit access to the game then the integrity of your database is irrelevant at that point. Why waste time with infinite ammo when the attack can do whatever they want.
Elaborate on that. I do not really understand what you are trying to say there.
All the account system is trying to protect is if a normal user gets compromised, to make the attacker unable to interact with the database.
This is actually not a good method at all (from my understanding) as people can simply use a Base64 Decoder. Instead with my personal opinion I would use HashLib - Cryptographic hashes in pure Lua since this supports many different hashs. If I am wrong please correct me.
Sorry, what? I was replying to him asking what 67-bit encryption is? I also donât think he understands that encrypting all data at rest for this kind of application doesnât make sense as it will sarcastically hurt query performance. Itâs better to hash passwords instead of using encryption, methods such as Argon2, Bcrypt, or even PBK are way better than using base64 or any other method. Base64 is not built for that.
Just wanted to say that the project is still alive and being worked on, however we are in need of developers. So if anyone reads this and is interested in helping, then go and take a look at this The Voxel Project is hiring [OPEN]