HTML client best practice

Post here your questions about the HTML5 / JavaScript for SFS2X

Moderators: Lapo, Bax

firedave
Posts: 1
Joined: 05 Jun 2013, 14:27

HTML client best practice

Postby firedave » 05 Jun 2013, 14:44

From a security perspective, I see you've released a login/sign-up assistant which looks very interesting. In terms of security for the HTML client in particular, I don't want to store the username/pword smartfox server IP, and zone on the client side - what are your thoughts to this?

Hashing these values is marginally better but have you a best practice you would advise here?
User avatar
Bax
Site Admin
Posts: 4609
Joined: 29 Mar 2005, 09:50
Location: Italy
Contact:

Re: HTML client best practice

Postby Bax » 06 Jun 2013, 09:40

As it regards the username/password, they are not stored on the client. They are usually entered by the user and transmitted to the server. In particular the password is not transmitted in clear.
About the IP and Zone, it is not possible to hide them, otherwise how is the client supposed to connect to the right server and Zone?
Paolo Bax
The SmartFoxServer Team
User avatar
coolboy714cp
Posts: 323
Joined: 06 Feb 2010, 02:45
Contact:

Re: HTML client best practice

Postby coolboy714cp » 01 Mar 2016, 10:29

Sorry, I know this thread I quite old, but I had to say something about having the IP/port hiding inside the code.

If you really wanted to "hide" the IP and port from people who don't know anything about coding, you could base64/rot13 encode them, get the encoded string, and when using it in the code, just decode the string using the algorithm you used to encode it.

You could also use JavaScript/jQuery to send an HTTP request to a PHP page to retrieve the IP and port combo from a database, that way they are never exposed in cleartext to anyone viewing your code. Someone will always be able to find the information if they really wanted to though. Wireshark isn't too hard to use to find a connections remote address and port, and neither is the terminal/command prompt's netstat command.

Return to “SFS2X HTML5 / JavaScript API”

Who is online

Users browsing this forum: No registered users and 21 guests