Hi fellow monkeys,
After some years of experimenting with single player game development I’m now taking my first steps in multiplayer and networking game development. I will be using the SpiderMonkey and pspeed’s SimEthereal libraries, where I also have some questions about the ZoneManager, but I’ll ask them in a different thread.
My first question starts at the beginning: how should a client safely authenticate to the server, and how can the server maintain a link between the client’s connection and the account/player information?
I thought of implementing it like this:
The player creates an account on my registration website; the username and hashed password are stored in a db over an HTTPS connection. This way I don’t have to implement the account management, forgot-password flows, etc. myself.
- The client connects to the server, the server sends back a randomly generated string.
- The client sends the username and a hash of the hashed password concatenated with the randomly generated string (e.g. `username, hash(hash(password) + generated string)`).
- The server compares the received hash with its own hash of the stored hashed password and the generated string.
After this I’m a bit uncertain on how to proceed. Should the server then generate a token and should this token be added on the connection for security reasons? The server can check for duplicate tokens for example… If so, how should this token be added? Should this be included in every message to the server?
Or is it sufficient that after the client is authenticated, I just store some account/player info on the connection using the `setAttribute` method? I’m not planning on adding account management or transaction management in the game. So only game related info will be passed on.
Another question I have is about the backing database on the server. Should I keep 2 separate databases, one for account information (mysql, postgres, …) and a file db for game entities, components, … (h2, sql, derby, sqlite, …)? Or is it ok to just have one backing database and mix this? If so, what type of db should I be looking at? I’m mainly asking this question because I have some concerns about the speed and performance. Every time a component of an entity is changed it should be persisted; this can become heavy, for example, for the position components of the players, as they will probably be constantly updated.
Thanks in advance!
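
The three-step exchange described in the post, as an added Java example that is not part of the original post and not SpiderMonkey code. SHA-256, the 32-byte challenge, and the class and method names are assumptions chosen for illustration; the sample password is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class ChallengeResponseDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // SHA-256 over the concatenation of all parts (hash algorithm is an assumption).
    static byte[] sha256(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    // Step 1 (server): a fresh, unpredictable challenge for every login attempt.
    // It must come from a CSPRNG and be used only once, or responses can be replayed.
    static byte[] newChallenge() {
        byte[] challenge = new byte[32];
        RNG.nextBytes(challenge);
        return challenge;
    }

    // Step 2 (client): hash(hash(password) + challenge), sent together with the username.
    static byte[] clientResponse(String password, byte[] challenge) throws Exception {
        byte[] pwHash = sha256(password.getBytes(StandardCharsets.UTF_8));
        return sha256(pwHash, challenge);
    }

    // Step 3 (server): recompute from the stored hash and compare in constant time.
    // Note: in this scheme the stored hash is itself the login secret, so the
    // account table needs the same protection as plaintext passwords would.
    static boolean verify(byte[] storedPwHash, byte[] challenge, byte[] response) throws Exception {
        return MessageDigest.isEqual(sha256(storedPwHash, challenge), response);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample account: what the registration site would have stored.
        byte[] stored = sha256("correct horse".getBytes(StandardCharsets.UTF_8));

        byte[] challenge = newChallenge();
        byte[] good = clientResponse("correct horse", challenge);
        byte[] bad = clientResponse("wrong guess", challenge);

        System.out.println("valid login accepted:    " + verify(stored, challenge, good));
        System.out.println("wrong password rejected: " + !verify(stored, challenge, bad));
        // A captured response is useless against a different challenge.
        System.out.println("replayed response rejected: " + !verify(stored, newChallenge(), good));
    }
}
```

The challenge-response step only proves knowledge of the stored hash at login time; it does not encrypt or authenticate the game traffic that follows on the connection.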