Search Unity

A Simple Login

Discussion in 'Multiplayer' started by mike002, Mar 3, 2010.

  1. mike002

    mike002

    Joined:
    Feb 26, 2010
    Posts:
    5
    I would like to create a login screen for my unity web based game / 3d environment. I would also like this to be reasonably secure, encrypting the sending of the username and password.

    With two textboxes, username and password, using the WWW class I could fire off a post to a PHP script that could authenticate me. Naturally packet sniffers could pick this out, therefore, does Unity support SSL?

    Alternatively, and this is something I'm not sure about, could my server (a modified instance of my game running on a external server) InitializeSecurity, let my client connect and then send the username and password automatically encrypted. The sever, upon receiving the login attempt could query my local database, check that the username and password combination is correct and send back a success / failure message. Would this be a viable solution?

    Many thanks,
    Mike
     
    mike002, Mar 3, 2010
    #1

  2. basel

    basel

    Joined:
    Nov 16, 2009
    Posts:
    33
    I have it found here i don't know unity supports ssl.
     
    basel, Mar 3, 2010
    #2

  3. mike002

    mike002

    Joined:
    Feb 26, 2010
    Posts:
    5
    Thanks basel, that's a good post but, although I'm not entirely sure, I don't think that MD5 is that secure, at least not in comparison to a SSL certificate.

    Cheers dude
     
    mike002, Mar 4, 2010
    #3

  4. Cyclops

    Cyclops

    Joined:
    Jan 31, 2010
    Posts:
    111
    I wonder if you could do all your authentication in a secure Login web page - then when calling the Unity plugin, pass it some key, so the executable knows it's an authorized copy.

    I have no clue if this would work, or is totally ignorant of networking, I'm a network noob :) Just thinking about how it could be done if/when I ever get my project to deployment.

    If you do find a solution, please post it for the rest of us :)

    Updated: Just read the Web Deployment page, and Unity does have the ability to SendMessage() to/from the browser, to/from the Unity executable. So given that they can both communicate, I think my suggestion might actually work. Will wonders never cease...

    John C>
    "For all your days, prepare, and meet them ever alike;
    When you are the anvil, bear - when the hammer, strike."
     
    Cyclops, Mar 5, 2010
    #4

  5. Reid

    Reid

    Joined:
    Mar 7, 2010
    Posts:
    7
    It's not and hasn't been for some time i.e. there was a complete break for MD5 in the mid/late 90's. IF a secure hash is wanted, then one should use SHA512. But, even then, one should leave it open to be replaced as even the SHA family has been weakened over the past few years i.e. a practical break is a real concern. This is the reason why NIST is doing the same thing for hash functions that they did with the AES competition.

    Honestly, find a way to use SSL. It's the only real option if security is needed. And since the browser can be used...
     
    Reid, Mar 7, 2010
    #5