[ask] can i have userId from database?

Post here your questions about Actionscript and Java server side extensions development.

Moderators: Lapo, Bax

deux
Posts: 21
Joined: 15 Dec 2010, 07:48

[ask] can i have userId from database?

Postby deux » 03 Sep 2011, 17:14

hey masters..
i am currently developing a database cutom login..
i have user database like username,userpassword, user email and userid..

after logged in,when i call user.getName from onJoinRoom i have my user name from database, but when i call user.getId, i dont have my user id from database...

how can i get my user id from database?
how did onJoinRoom function get the user id when i used database custom login?


my custom login uses this function:

Code: Select all

_server.loginUser(userName, passWord, SocketChannel)



thanks..[/code]
sorry for my 'newbie' english
User avatar
rjgtav
Posts: 2813
Joined: 19 Apr 2009, 11:31
Location: Lisbon, Portugal

Postby rjgtav » 03 Sep 2011, 18:32

hi. First, the id you get from user.getId() is the id of the user that was attributed by the server, and that is used for internal procedures.

Secondly, never, but never, send the database.s user id, as thats a security leak. If you want to access it, you first need to store it, and you have 2 ways to do it, depending on how you want to access it:

- User Variable - if you store it as an user variable, you can access it from both the server and the client.

- User Property - if you store it as an user property, only the server can access it (via an extension). This is the recommended way to do it, as you.ll protect it from possible hackers.
Skills: SFS Pro, SFS2X, AS2.0/AS3.0, Java, HTML5/CSS3/JS, C#
Portfolio: https://rjgtav.wordpress.com/
SFS Tutorials: http://sfs-tutor.blogspot.com/ - Discontinued. Some examples may be bugged.
deux
Posts: 21
Joined: 15 Dec 2010, 07:48

Postby deux » 05 Sep 2011, 12:26

thanks rjgstav..
then how to store the user id to the user properties?
Is it any tutorial for it?

sorry i'm newbie
sorry for my 'newbie' english
User avatar
rjgtav
Posts: 2813
Joined: 19 Apr 2009, 11:31
Location: Lisbon, Portugal

Postby rjgtav » 05 Sep 2011, 13:50

In the server-side User class, you'll find the put and get methods. They are used to store and retrieve properties.
Skills: SFS Pro, SFS2X, AS2.0/AS3.0, Java, HTML5/CSS3/JS, C#
Portfolio: https://rjgtav.wordpress.com/
SFS Tutorials: http://sfs-tutor.blogspot.com/ - Discontinued. Some examples may be bugged.
User avatar
Flappi282
Posts: 158
Joined: 20 May 2009, 17:51
Contact:

Postby Flappi282 » 27 Sep 2011, 17:25

It's not really a security leak if you give out the ID. It's pretty good for short packets and optimizing bandwidth.
--
Flappi282
User avatar
BigFIsh
Posts: 1698
Joined: 25 Feb 2008, 19:26
Location: New Zealand

Postby BigFIsh » 27 Sep 2011, 22:37

Yes, it's okay to give out SFS User ID but as rjgtav said, it's not wise to provide the Database ID. Database ID should only be stored on server side.
Smartfox's forum is my daily newspaper.
User avatar
Flappi282
Posts: 158
Joined: 20 May 2009, 17:51
Contact:

Postby Flappi282 » 28 Sep 2011, 18:21

BigFIsh wrote:Yes, it's okay to give out SFS User ID but as rjgtav said, it's not wise to provide the Database ID. Database ID should only be stored on server side.


Then perform some sort of server sided function on the user's ID to make it more secure ;D

Eg:

Code: Select all

function makeaniceandsafeID(databaseID){
return "1" + (databaseID * 282);
}
--

Flappi282

Return to “Server Side Extension Development”

Who is online

Users browsing this forum: No registered users and 6 guests