Forum QuickConnect QuickConnect Security

Discussion and help relating to PlayerIO's QuickConnect feature, including Facebook Connect and Kongregate Connect.

QuickConnect Security

Postby limex » September 2nd, 2011, 4:30 pm

Hi,
I would like to use QuickConnect for Simple Users but I do not know how to do it in a secured way. The problem is that I do not know how to distinguish users who are connected through PlayerIO.quickConnect.simpleConnect(...) from those connected by calling PlayerIO.connect(...)

I have noticed (or maybe I have missed something) that following two pieces of code gives the same Player on server side, however the second code does not require a password at all:

Code: Select all
PlayerIO.quickConnect.simpleConnect(
   stage,
   GAME_ID,
   "TestUser",
   "SecretPassword",
   this.onLogin,
   this.onError
);


Code: Select all
PlayerIO.connect(
   stage,
   GAME_ID,
   "public",
   "simpleTestUser",
   null,
   null,
   onHack,
   onError
);


I can easily imagine somebody who decompile my SWF and use PlayerIO.connect(...) to get unauthorized access.

I'm a new user of PlayerIO and there is a big chance that I have missed something or I'm doing something wrong. Please explain me how "QuickConnect for Simple Users" service should be used.

Thanks in advance
Limex Games
limex
Paid Member
 
Posts: 2
Joined: August 13th, 2011, 2:33 pm

Re: QuickConnect Security

Postby Henrik » September 2nd, 2011, 6:07 pm

On the Settings page for your game in the admin panel, you will see a list of connections for the game. Typically you'll only have one connection, public, so edit that, check the "Require Authentication" checkbox, and enter some garble in the shared secret field.

This way noone can connect using the regular connect method without generating the correct auth for each user, which effectively disables it.
Henrik
.IO
 
Posts: 1880
Joined: January 4th, 2010, 1:53 pm

Re: QuickConnect Security

Postby limex » September 2nd, 2011, 7:37 pm

It's working! Thanks!
limex
Paid Member
 
Posts: 2
Joined: August 13th, 2011, 2:33 pm


Return to QuickConnect