About securing my server

[Legacy_paradogz]

               

Hello,


I've seen a lot a of idea to secure my server but I'd like to ask you if fetching the IP adress and link it to the account would actually be a good idea, I don't know how many people still got a DHCP internet adress...

As GOG gives away the same CDKey for everyone, I don't think the CDKEY protection is much relevant; is there another solution that does not imply IP or CDKEY ? Like a passcode when you connect ?


Thanks for your help

Paradogz

               
               

               
            

[Legacy_MrZork]

               

First, though each copy of NWN that GoG comes with the same CD key, GoG gives out unique CD keys to purchasers who request them. So, all of your players with a legit copy of the game should have their own CD keys. In other words, don't worry about linking CD keys to player names because of the generic CD key, since people playing online should not be using that one.

 

As far as I know, lots of people still have IP addresses assigned unpredictably when they reboot their routers. Not that they get a new IP address each time necessarily, but their is no guarantee that they get the same IP. Even aside from the IP assignments of the ISPs for players' home internet connections, players will have a different IP when they want to play from a friend's house, while traveling and staying at a hotel, or even just when checking in from a WiFi hotspot somewhere. I think server security that assumes players will have the same IP each time they log in is going to result in lots of headaches and lots of frustrated players.

 

I am not a server admin, so others will have other advice as well. But, I would suggest reading FunkySwerve's post in the "Securing Your Server Without Master Server Authentication"  thread in this forum. It provides a nice way to link player names to CD keys (even accommodating players with more than one key, as many of us do) to provide at least a baseline of security.

               
               

               
            

[Legacy_Grani]

               

As MrZork said, I also think that currently the best possible way to secure your server is to assign CD keys to player's accounts. You could even go further and block any players with the generic GOG key from logging in - this could ensure that no one will log into their account from a key that's "public" of sorts. Some people might not be aware they're not supposed to play NWN online without a unique CD key, so their accounts could be endangered if you chose to secure the server by using CD keys. Not to mention the fact that problems could ensue if more than one of your players wanted to play at once using the GOG key.

 

By the way, I can't understand why GOG won't give out unique CD keys for NWN automatically and you have to write to them and specifically ask for it. They assign keys automatically for other games (even NWN2), so why not this one? Not to mention that due to this "manual" key assignment you won't find it in your library page if you happen to lose it for some reason. A bit messed up, if you ask me.

               
               

               
            

[Legacy_Shadooow]

               

You can code password after login. New character would be asked to set such password, whenever you would logged from different IP than last connection you could force promt password into chat before continue.

 

That would be done this way:

1) move character into special area with no exit

2) apply black screen and start conversation where player wll be asked to type his password

3) if he types it set current ip to lastip used for this account, port him at original destination

4) if not boot PC

 

if noone beats me to it, I can code such "system" and publish it on vault