0

Can someone give me some guidance on my problem - I am writing a game (CryEngine) and I need to know how to send data - including usernames and passwords to a server where they can be stored in a database and shown on a webpage displaying the players "stats". I'd like to start with the usernames and passwords as they are the most paramount that I get right, the other stuff really doesnt have to be encrypted. Although, it might make it a bit harder for hackers to alter their stats.

So how would I approach doing this? I know my way around C++ and I have been using it for a while, I have already built a system that stores and captures the player's kills and XP etc. but this bit sounds more tricky. It sounds like I'm going to make heavy use of BOOST and possibly OpenSSL, but having never used these libraries before or having to make a secure system, I'm slightly confused. Any help or general directions are greatly appreciated!

Mat
  • 202,337
  • 40
  • 393
  • 406
Dan Vonk
  • 79
  • 1
  • 3
  • What are you asking here, really? Do you want to send encrypted data over a network? – Emil Vikström Dec 09 '12 at 17:14
  • Please don't store passwords on your DB without a very good reason, even if you can transmit them securely. Just store them as a secure hash. – Voo Dec 09 '12 at 17:34

2 Answers2

3

Open SSL sounds solid, have a look here: http://www.ibm.com/developerworks/linux/library/l-openssl/index.html .

You can use almost every crypting library for this (better not writing your own stuff) but since it is client/server anyway, using a protocol/system that was designed to do exactly this, your best bet is openSSL. The rest is a secured server with some sort of application running on it (Java EE) and handling the entries in some sort of database. Then choose some web-language of your preference to retrieve database entries.

PS: dont do it live (eg. every headshot is an entry) but transmit the final results of a round, or once every X minutes.

Arjan Tijms
  • 37,782
  • 12
  • 108
  • 140
Najzero
  • 3,164
  • 18
  • 18
0

I suggest using HTTPS.

Link against libcurl and with a few cookbook examples from the net you can have your client portion ready in a couple of minutes or hours. Fiddling with OpenSSL by hand could take days or weeks if you are new to it.

For the server part you can use your game's existing web server. Your game is going to have a web site, isn't it? The users will be able to access their stats via their web browsers too.

If you want to protect the score update mechanism, use regular cryptography API like crypt and a key hidden in the code to obfuscate/deobfuscate the player's score update password. It's obfuscation, not encryption, since the key ultimately resides on the client machine and can be recovered with a debugger.

n. m. could be an AI
  • 112,515
  • 14
  • 128
  • 243
  • So what is libcurls purpose exactly? Would i save all the data to a file and then send it to the server with libcurl? How would it work? – Dan Vonk Dec 09 '12 at 18:03
  • `libcurl` is an HTTP/HTTPS client (also FTP and other protocols). You can read all about `libcurl` [here](http://curl.haxx.se/libcurl/). Look especially at the examples like [this one](http://curl.haxx.se/libcurl/c/postit2.html) and [this one](http://curl.haxx.se/libcurl/c/https.html). – n. m. could be an AI Dec 09 '12 at 21:43