MV3D Development Blog

February 17, 2008

Authentication: Done

Filed under: Uncategorized — SirGolan @ 4:37 pm

I just finished up the new authentication code for MV3D. I’m very happy with it. It works similarly to my last post, more or less. A client establishes two way trust with a login server, the login server creates two random passwords and a unique identifier. The client logs in to the desired server using its username, unique id, and the first password. That server establishes a two way trust with a login server and retrieves the random passwords for that user/unique id combo. It validates the client’s password. The client can initiate a challenge response in order to verify that the server knows the second password. Thus, a two way trust is set up between the client and the server without the server knowing the client’s real password.

One cool thing is that I added a permission to Accounts using MV3D’s security system to grant or deny a server’s account from authenticating the target account. So, it would be possible to let someone host a server that certain accounts could log in to. The specific accounts would be controlled by whoever is running the Account server / login server (i.e. me).

The only thing I can think to add here would be to give each server a unique id (probably using SSL certs or ssh keys). That way, a client can have a list of key fingerprints from trusted servers like SSH does. This would fend off the case of an attacker who gained the login credentials of a server making their own server.

What’s next on the agenda? Mostly code cleanup. In fact, the authentication tickets were the last tickets for new features in this release. I’d like to release most, if not all of the code when I do this release as well. However, other than code cleanup, there’s some infrastructure tasks I need to do before releasing the code. Then after that, testing. There’s currently a few unit tests that fail which will have to be fixed, I’m also going to want to do some load testing of the login and account services. Basically, my plan is to run the official MV3D account server, so I’d like to make sure it’ll function well with say.. 100x the anticipated load. I don’t anticipate much load, but I would rather be able to handle the very slight chance that MV3D generates a lot of interest.

By the way, just to start setting expectations now. Don’t expect to be blown away by the open source release. I’ve completely concentrated on the foundation of MV3D. It’s just been me working on it, and there is definitely no amount of game built yet. Even after the cleanup I’m doing, the code will need a lot more. There are way too few unittests, and I’m sure some of the older code is just plain old wrong. However, the foundation is there, I feel it’s very strong and flexible. It is very possible to build a game on top of what exists now. In fact, that’s the main requirement for this release since the next one includes content.

Speaking of things I need to do to prepare for a release… I know some people who read this maintain a publicly available Trac instance. What’s the best way to keep the spam off? Even when I was running mine on port 8080, I was getting enough spam tickets that I had to set it to require a login in order to modify tickets / pages / etc. I’d prefer if people could post tickets without asking me for a login because the less hurdles in the way of people reporting bugs, the better. I’m also considering sending www.mv3d.com to trac.mv3d.com. Does that sound like a good idea?

Finally, once I get it up, I’d love to have some people hammer on the login server. It’s got a standard web interface (thanks to Nevow) so people can create accounts or change their passwords. More details to come soon.

31 Comments »

  1. < a href = “http://gov.mp3path.ru/?p=9&lol= hondo@travelled.bleating“>.< / a >…

    благодарен!!…

    Trackback by Julius — August 22, 2014 @ 2:20 pm

  2. < a href = “http://ch.mp3flight.ru/?p=1&lol= balconies@deport.putted“>.< / a >…

    hello….

    Trackback by ernesto — November 17, 2014 @ 5:16 pm

  3. < a href = “http://wp.albumity.ru/?p=6&lol= biologist@revels.provocatively“>.< / a >…

    tnx!!…

    Trackback by willard — November 21, 2014 @ 9:54 am

  4. < a href = “http://foremost.asphaltirovanie.ru/?p=12&lol= challenged@by.orient“>.< / a >…

    ñïñ çà èíôó!!…

    Trackback by Roy — November 22, 2014 @ 12:38 am

  5. < a href = “http://medically.songkeeper.ru/?p=13&lol= retracted@sanitaire.obe“>.< / a >…

    ñýíêñ çà èíôó!…

    Trackback by Roland — November 22, 2014 @ 6:32 am

  6. < a href = “http://org.artistcutter.ru/?p=26&lol= invigoration@rove.nomia“>.< / a >…

    good….

    Trackback by clarence — November 23, 2014 @ 9:19 am

  7. < a href = “http://list.artistroute.ru/?p=9&lol= pricing@tallahassee.bondi“>.< / a >…

    áëàãîäàðåí….

    Trackback by johnny — November 24, 2014 @ 11:12 pm

  8. < a href = “http://eu.artistnote.ru/?p=1&lol= rioters@plymouth.require“>.< / a >…

    tnx!!…

    Trackback by James — November 27, 2014 @ 1:01 pm

  9. < a href = “http://fr.skasong.ru/?p=39&lol= musicianship@cosmology.withdrawn“>.< / a >…

    ñïàñèáî çà èíôó!!…

    Trackback by Robert — November 27, 2014 @ 6:07 pm

  10. < a href = “http://scattered.albumteria.ru/?p=40&lol= estep@aunts.gores“>.< / a >…

    áëàãîäàðþ!!…

    Trackback by Alfred — November 27, 2014 @ 11:04 pm

  11. < a href = “http://hemorrhoids.artistcase.ru/?p=21&lol= libertie@coop.bypass“>.< / a >…

    tnx….

    Trackback by harry — November 28, 2014 @ 8:09 am

  12. < a href = “http://leslie.songferry.ru/?p=12&lol= ogden@relay.blinds“>.< / a >…

    ñýíêñ çà èíôó….

    Trackback by Raymond — December 5, 2014 @ 2:47 am

  13. < a href = “http://eu.songseller.ru/?p=5&lol= roofer@olivefaced.divides“>.< / a >…

    good info!!…

    Trackback by tim — December 5, 2014 @ 1:14 pm

  14. < a href = “http://fr.asphaltirovka.ru/?p=44&lol= pedantic@remotely.spencer“>.< / a >…

    good….

    Trackback by Eduardo — December 12, 2014 @ 7:19 am

  15. < a href = “http://fr.songdog.ru/?p=50&lol= tonio@inspiration.bottles“>.< / a >…

    good info….

    Trackback by dwight — December 13, 2014 @ 8:04 am

  16. < a href = “http://list.songiance.ru/?p=29&lol= junkers@geographically.palindromes“>.< / a >…

    tnx for info!…

    Trackback by ivan — December 13, 2014 @ 4:57 pm

  17. < a href = “http://gov.artistmage.ru/?p=47&lol= anyway@outfitted.hamiltons“>.< / a >…

    hello!…

    Trackback by Barry — December 13, 2014 @ 5:31 pm

  18. < a href = “http://fr.mp3technica.ru/?p=9&lol= shih@summation.abstractionism“>.< / a >…

    ñïñ çà èíôó….

    Trackback by Rafael — December 17, 2014 @ 9:53 am

  19. < a href = “http://fr.artistcutter.ru/?p=48&lol= exposure@pessimists.dusted“>.< / a >…

    good!!…

    Trackback by Joshua — December 20, 2014 @ 8:27 pm

  20. < a href = “http://com.mp3verse.ru/?p=3&lol= sleepless@flick.shrink“>.< / a >…

    thanks for information!…

    Trackback by Derek — December 20, 2014 @ 9:04 pm

  21. < a href = “http://list.mp3fin.ru/?p=32&lol= unaccountable@flaxen.misgauged“>.< / a >…

    thanks for information!…

    Trackback by joseph — January 20, 2015 @ 12:24 pm

  22. < a href = “http://various.artistpod.ru/?p=46&lol= concept@ormoc.inks“>.< / a >…

    thanks!…

    Trackback by marion — January 25, 2015 @ 1:32 am

  23. < a href = “http://arlenes.songsphere.ru/?p=26&lol= decorous@duels.mystique“>.< / a >…

    good!!…

    Trackback by tyler — January 25, 2015 @ 6:22 am

  24. < a href = “http://en.songidian.ru/?p=33&lol= certain@phenothiazine.freddie“>.< / a >…

    ñïñ!!…

    Trackback by cory — January 26, 2015 @ 12:51 pm

  25. < a href = “http://net.songigee.ru/?p=9&lol= flourish@cowman.boomed“>.< / a >…

    ñïñ çà èíôó….

    Trackback by micheal — January 31, 2015 @ 3:36 pm

  26. < a href = “http://feigning.artistmaker.ru/?p=15&lol= opium@dirksen.williamsburg“>.< / a >…

    ñïàñèáî!…

    Trackback by Lynn — February 3, 2015 @ 8:50 pm

  27. < a href = “http://discriminating.68p.ru/?p=42&lol= redwoods@dsm.sheridan“>.< / a >…

    thanks!!…

    Trackback by jorge — February 4, 2015 @ 10:44 am

  28. < a href = “http://justinian.vocalsong.ru/?p=1&lol= julius@belaboring.coughing“>.< / a >…

    tnx!…

    Trackback by Trevor — February 8, 2015 @ 5:53 pm

  29. < a href = “http://ru.songiance.ru/?p=20&lol= sponsored@tendon.niccolo“>.< / a >…

    thanks for information!…

    Trackback by daniel — February 8, 2015 @ 6:31 pm

  30. < a href = “http://adulthood.buildspot.ru/?p=24&lol= overwhelmed@stripped.kelts“>.< / a >…

    good info….

    Trackback by Felix — February 8, 2015 @ 7:07 pm

  31. < a href = “http://eu.songport.ru/?p=28&lol= disgusted@ensued.cabinetmakers“>.< / a >…

    ñïñ çà èíôó….

    Trackback by Tommy — February 13, 2015 @ 8:36 am

RSS feed for comments on this post. TrackBack URL

Leave a comment

You must be logged in to post a comment.

Powered by WordPress