My producer, hopes to hundreds of thousands concurrent users :) so I must use clustering too. Lapo, is there the same problem with 'Banned list' while using clustering like the problem with 'Buddy list'? Are there other areas which should be prepared for clustering (besides Buddy list and may be Ban...

I am taking a note to investigate this and provide some documentation on how to proceed. It will be great! In this case I think the whole application could be compromised not just the secure connection. Of course they could be able to steal private data from your database or even alter it in order ...

Lapo, is there the same problem with 'Banned list' while useing clustering like the problem with 'Buddy list'?

here (viewtopic.php?t=7839&start=15) with Lapo we came to some conclusion, there was a bit of misunderstanding between 'loggin in' and 'registration'

Thank you so much, yours 0.02 is very useful! :) Is it true that embedded Jetty coming with SFS2X doesn't support HTTPS? So, let's say I am at home in front of my desktop typing my data for the registration form. You are in your underground secret lab trying to obtain my password. How do you proceed...

I belive this method is really good working for login in (when plain password or hashed password is already in DB), but I can't understand how it works with registration step by step: 1)DB is empty 2)send to DB 'my_hash' == MD5("my_password") and other registration information like "m...

Also I am conducting a personal research on this so I have to ask: what is your specific use case? may be it will be useful for something like this: http://www.smartfoxserver.com/forums/viewtopic.php?t=9427 or may be you can give me advise how to transmit 'originalPass' (which used in checkSecurePa...

yep, but I suppose this is suitable for 1.x too

Lapo, is there any news about SSL implementation in SFS2X?

Ok, can you please explain how the 'originalPass' (which used in checkSecurePassword) will be passed to server DB? boolean checkSecurePassword(ISession session, String originalPass, String encryptedPass) be sure 'SFSRandomKey' and 'localKey' are known for hackers (SFSRandomKey - intercepted, localKe...

But there will be just MD5 hash (not original password) in the DB on the server side because "I encrypt the password using MD5 and send it to the server", so hackers do not need to know the original password. Just send this MD5 hash and server will match them (MD5 hash in DB is equal MD5 h...

BigFIsh wrote:This is what I do: I encrypt the password using MD5 and send it to the server along with other registration data.

Seems this is unsecure. If hacker intercept/read your message he'll be able to use this MD5 hash as your password after.

I want to register new user in game (there is no password in DB yet), how can I send password to SFS in encrypted mode? (i don't want use registration via http server or something like that) I see such way: 1. user side: user clicks registration button and see registration form. server side: logs us...

nobody tried it?

Thank you! Think I understood this :) I suppose there are it's own pros and cons while using Terracotta as persistence system + reduce a bit load of database + increase speed of response from Friend list - additional technology in a project - data separation (potential difficulties with project migr...