Page 2 of 4

Re: love.cloud

Posted: Tue Oct 27, 2009 6:56 am
by Robin
Geti wrote:i think hashing the game's files (especially main.lua) and using a lookup against each game id would be a good idea.
That might be a good idea. I have two problems with it:
  1. For every minor update, you have to add its hash too the server.
  2. You can copy main.lua to oldmain.lua (for example), and change main.lua, and when you need to supply the hash, you just take oldmain.lua's hash... unless this functionality is in LÖVE itself, but then you can just compile LÖVE to take the hash of oldmain.lua...
Everything can be cracked, but checking hashes might be a simple way of deterring most of a broad group of "petty crackers".

Re: love.cloud

Posted: Tue Oct 27, 2009 7:10 am
by bartbes
Of course at the moment where it does provide downloads, a game can easily be overwritten when its hash doesn't match.

I still have to find a good solution...

Re: love.cloud

Posted: Tue Oct 27, 2009 9:40 am
by appleide
Hashing sounds good enough. Need an IT security expert here. :(

Re: love.cloud

Posted: Tue Oct 27, 2009 9:54 am
by kalle2990
What if you save all versions in the database for the security. When connection to the cloud you get the id by checking small values against each other.
This requires that the love.cloud isn't editable
  • The script enumerates the folder where the files are and get the length of each file
  • The script puts it all (including the structure) in a file and sends it to the server
  • The server checks the file against all versions (in the small format) and returns some expected value
  • The server saves the connection and some values editable from the client and readable from all clients (for online games when connected ip's might be wanted)
I'm not sure if this is completely safe but it was the best I could come up with. ^^

Re: love.cloud

Posted: Tue Oct 27, 2009 4:26 pm
by bartbes
Well, yeah, but this makes mods impossible. (or any other file)
I'm going to start with player profiles and save games anyway, at that point it doesn't really make a difference, but there needs to be a single solution.
The best I could come up with:
Passing a single file to love.cloud (which is the hashed and checked) and that is the only file that can make direct love.cloud calls. Of course from then on security relies on the programmer of the game, but I guess that is reasonably safe, and doesn't necessarily invalidate on every update.

Re: love.cloud

Posted: Tue Oct 27, 2009 4:51 pm
by Avalon
Just remember, relying on a single server would kind of be against the idea of a cloud. o/

I use a vaguely similar system in a <it's a secret!>, but utilizing a geo-distributed setup (for speed more than anything else) of machines to connect to.

Re: love.cloud

Posted: Tue Oct 27, 2009 5:06 pm
by kalle2990
I guess you are correct bartbes, but will you add that connected ip's of a game? I would really like that feature since I could make online games without having the users to enter the ip to connect to with it.

Re: love.cloud

Posted: Tue Oct 27, 2009 7:20 pm
by bartbes
If you mean that you won't have to supply an IP of the cloud you are correct, that would be kind of anti-user-friendly.

Re: love.cloud

Posted: Wed Oct 28, 2009 8:08 am
by kalle2990
I meant that the game (or every player) saves the ip of the player to the cloud so other players can see it.

Code: Select all

love.cloud.keepAlive() --Sent every 4-5 minutes so the server knows the ip is still active in case the player loses the connection unexpected
love.cloud.getOtherPlayers() --Returns a table of all the ip's connected to the cloud with that game id
Could be useful for developers wanting to make peer to peer games and don't want it to be overcomplicated for the user (Including me ^^ )

Re: love.cloud

Posted: Wed Oct 28, 2009 3:00 pm
by bartbes
Is a good idea and probably will be implemented at the time users are implemented :D