http-auth-client

What do you want to see in Armagetron soon? Any new feature ideas? Let's ponder these ground breaking ideas...
Post Reply
User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

http-auth-client

Post by Tank Program »

I did a html/php/javascript implementation of authentication the same as how I understand that the server does it. It's not quite bugfree, but works with the forums.

http://authentication.armagetronad.net/login/
lp:~armagetronad-dev/armagetronad/trunk-http-auth-client-work (this branch might not be the right place for it, but I wanted to put it someplace.)
Image
User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

Post by Tank Program »

The next step in this system has occurred. Try logging in to here with your authority accounts please.
Image
User avatar
Lackadaisical
Shutout Match Winner
Posts: 823
Joined: Sun Dec 21, 2003 4:58 pm
Location: Amsterdam, Netherlands
Contact:

Post by Lackadaisical »

It works, I guess? This looks awesome for handling tournament registration, but how do I know I didn't just give you my password?
User avatar
Z-Man
God & Project Admin
Posts: 11585
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne
Contact:

Post by Z-Man »

Well, you can't. But if you look at the page source right now, you'll see that basically the same things happening in the arma client are implemented there as javascript; the password is not transmitted verbatim, but hashed and salted. That means, whatever the server code does, he can at most steal your ID for one session on one server for the old bmd5 authentication method. For the md5 method, you should be as safe as Tank is unable to reverse md5.

Of course, the page source can change anytime, but that's what the "Log me on automatically" thing is for. Glance at the page source, verify it's not sending a verbatim password or the first hash code, and click that button. OR YOU JUST TRUST HIM BECAUSE HE IS TANK PROGRAM?
User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

Post by Tank Program »

Really, if I wanted to steal your password, there'd be a lot of easier ways to do it...

But yes, what's happening there is effectively what the server does.

If a few people could test this out and you know, report if it works or not, that'd be good. I'd hate to change systems and suddenly no one can login.
Image
Luke-Jr
Dr Z Level
Posts: 2246
Joined: Sun Mar 20, 2005 4:03 pm
Location: IM: [email protected]

Post by Luke-Jr »

Doesn't seem to work for me.
User avatar
Freewheelin'56
Round Winner
Posts: 377
Joined: Sun Dec 21, 2003 7:02 pm
Location: Toronto, Canada

Post by Freewheelin'56 »

Hummm I have problems logging on :?:
Freewheelin'58 I want Goshdarn back!!
Great Googly Moogly
User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

Post by Tank Program »

I wonder if it's something with the dash and apostrophe.
Image
Luke-Jr
Dr Z Level
Posts: 2246
Joined: Sun Mar 20, 2005 4:03 pm
Location: IM: [email protected]

Post by Luke-Jr »

Tank Program wrote:I wonder if it's something with the dash and apostrophe.
I don't have a dash in my auth. dashjr.org answers for 'luke'
User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

Post by Tank Program »

So you tried logging in as [email protected]?
Image
User avatar
Lacrymosa
Round Winner
Posts: 286
Joined: Wed Feb 15, 2006 6:44 pm
Location: Heaven or Hell...?
Contact:

Post by Lacrymosa »

I get "bad username" as a result. Tried lower and upper case.
User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

Post by Tank Program »

You tried LukeSky@forums for the login?
Image
User avatar
Lacrymosa
Round Winner
Posts: 286
Joined: Wed Feb 15, 2006 6:44 pm
Location: Heaven or Hell...?
Contact:

Post by Lacrymosa »

Tank Program wrote:You tried LukeSky@forums for the login?
Nope, I forgot the @forums part. Now it works.
Post Reply