RPG

[Chris]

Oct 19, 2009 18:26:59 GMT -8 Charles Stover said:

Any user could potentially send data pretending to be another user. ProBoards has the advantage of being able to authenticate the user with cookies etc.

There is no unbreakable method of this. You can make it harder, but there is no absolute guard against it. To my knowledge, only one person has ever done that with any of my scripts, and they promptly stopped once I'd asked them too, so it was no big deal. Perhaps if ProBoards made an API, all would be well in the Internet kingdom.

If. Ask for it in v5?

The most secure way is to have the main admin create an account on the server when they install the code, thus only the main admin can edit the stuff. *shrugs* Issue there is if someone forges an account for the sub-domain before the main admin creates one, etc. That's the best way I've seen though. But it also completely relies on the main admin.

Edit: Make that "the most secure way *that I've found*"

[Jordan]

Oct 19, 2009 8:21:01 GMT -8 Chris said:

Good luck with this Jordan. I went and dug up my old RPG thread/board on SZ and here's some concepts I had:

Modify RPG Profile
About Your RPG
Battle Arena Layout (Video discussing how it works as well)

That's all that's still online unfortunately. >.< Hopefully those still help.

Thanks man, you have a lot of good ideas. I'm trying to keep it really simple right now so I don't get discouraged.

By the way, if anyone is interested in helping me develop this that's cool. It's all open source anyway.

Oct 19, 2009 19:36:50 GMT -8 Chris said:

The most secure way is to have the main admin create an account on the server when they install the code, thus only the main admin can edit the stuff. *shrugs* Issue there is if someone forges an account for the sub-domain before the main admin creates one, etc. That's the best way I've seen though. But it also completely relies on the main admin.

Edit: Make that "the most secure way *that I've found*"

Right now the admin registers on the headers and footers pages, but I doubt it's secure right now. I haven't really had time to work on anything.

[Chris]

Fair enough. simple is best. If you ever need more though, let me know. I had something like a 26kb text file of ideas. It was over the top. I've also got quite a few icons I'm sure you can use.

As for security... just let some of the PB coders test before you release and we should be able to let you know.

[Charles Stover]

Oct 19, 2009 19:36:50 GMT -8 Chris said:

Oct 19, 2009 18:26:59 GMT -8 Charles Stover said:

There is no unbreakable method of this. You can make it harder, but there is no absolute guard against it. To my knowledge, only one person has ever done that with any of my scripts, and they promptly stopped once I'd asked them too, so it was no big deal. Perhaps if ProBoards made an API, all would be well in the Internet kingdom.

If. Ask for it in v5?

The most secure way is to have the main admin create an account on the server when they install the code, thus only the main admin can edit the stuff. *shrugs* Issue there is if someone forges an account for the sub-domain before the main admin creates one, etc. That's the best way I've seen though. But it also completely relies on the main admin.

Edit: Make that "the most secure way *that I've found*"

But we're talking about things that the admin doesn't do personally, like "attack" or post to gain XP/gold/etc. It wouldn't be fun if you clicked "Attack [User]" and had to wait on the admin to go to the admin CP and allow the user to be attacked.

[Chris]

Oct 19, 2009 22:23:43 GMT -8 Charles Stover said:

Oct 19, 2009 19:36:50 GMT -8 Chris said:

If. Ask for it in v5?

The most secure way is to have the main admin create an account on the server when they install the code, thus only the main admin can edit the stuff. *shrugs* Issue there is if someone forges an account for the sub-domain before the main admin creates one, etc. That's the best way I've seen though. But it also completely relies on the main admin.

Edit: Make that "the most secure way *that I've found*"

But we're talking about things that the admin doesn't do personally, like "attack" or post to gain XP/gold/etc. It wouldn't be fun if you clicked "Attack [User]" and had to wait on the admin to go to the admin CP and allow the user to be attacked.

Very true. I guess I was thinking more along the lines of something like a portal than a RPG. Whoops.

[Michael]

The security is something that you can work on through an Alpha release, I'm sure you should get your system ready first, so that we can suggest the best method for securing it.