[Security] Authenticating with a dedicated account.

Maniaplanet public API, ManiaConnect system and the open source PHP SDK.

Moderator: NADEO

fastforza
Posts: 859
Joined: 15 Jun 2010, 11:19

[Security] Authenticating with a dedicated account.

Post by fastforza »

Rax had told me that he connected an MX account with a dedicated server login. Can you explain why this is possible? Authenticating with a dedicated server account through the player page is surely a security hole to some extent as it isn't even a valid player. :P
Mania Exchange - Share your maps!

ASUS Maximus IV GENE Z / i7 2600K 3.40Ghz QC / 16GB G.Skill Ripjaws DDR3 / GTX 560 Ti

Need technical help for ManiaPlanet? Click here. :)
gouxim
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [Security] Authenticating with a dedicated account.

Post by gouxim »

I just tried and it is indeed possible. It is an unwanted behaviour, though I'm not sure why it could be a security risk. In any case, it will be blocked soon.
Please do not PM for support. Instead, create a thread so that everyone can contribute or benefit from the answer! 8-)
Slig
Posts: 640
Joined: 15 Jun 2010, 11:52
Location: TraXicoLand

Re: [Security] Authenticating with a dedicated account.

Post by Slig »

I don't find it bad!... but it would be a good thing to have an isDedicated flag in the player object then, so a client would be able to accept or reject the connected login.

Same with \Maniaplanet\WebServices\Players()->get(): an isDedicated flag would be nice.
fastforza
Posts: 859
Joined: 15 Jun 2010, 11:19

Re: [Security] Authenticating with a dedicated account.

Post by fastforza »

Maybe not so much a security (over exaggerated it there) problem as much as it is a problem in general. It becomes a problem for MX because this would allow fake accounts to be registered and linked.

Edit: I agree with Slig's suggestion. A flag would indeed be nice and it would solve the present problem MX faces. :)
gouxim
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [Security] Authenticating with a dedicated account.

Post by gouxim »

"this would allow fake accounts to be registered and linked"
I agree.

Login with a dedicated account is also unwanted on the player page. Legor actually just fixed that so it's not possible anymore. We really want to separate players and dedicated servers on the API, that is why we introduced the Dedicated class in the SDK.
fastforza
Posts: 859
Joined: 15 Jun 2010, 11:19

Re: [Security] Authenticating with a dedicated account.

Post by fastforza »

Thanks! :yes:
m4rcel
Posts: 653
Joined: 15 Jun 2010, 11:12

Re: [Security] Authenticating with a dedicated account.

Post by m4rcel »

gouxim wrote: We really want to separate players and dedicated servers on the API, that is why we introduced the Dedicated class in the SDK.
If you want to separate Players from Dedicated, you should check the Dedicated part, too. For example, with https://ws.maniaplanet.com/dedicated/m4rcel/ I am able to get the data of my player-account. Bug or Feature? ^^
gouxim
Nadeo
Posts: 1188
Joined: 14 Jun 2010, 17:20

Re: [Security] Authenticating with a dedicated account.

Post by gouxim »

Feature! Even if it's called dedicated, it also works for servers hosted with the game client itself (hence the isDedicated field). A player can always be a server, but this service will set for a player the isOnline field to 1 only if the player is hosting a server with his client.
Please do not PM for support. Instead, create a thread so that everyone can contribute or benefit from the answer! 8-)
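
A relying-party check along the lines Slig and fastforza ask for, as an added example that is not part of any post in this thread and is not Nadeo's SDK code: before linking a ManiaConnect login to a site account, look the login up and refuse to link when the record is marked isDedicated, failing closed when the account type cannot be determined. The $lookup callable, the array shape of the record (including its login key), the function name and the sample records are assumptions; only the isDedicated and isOnline field names come from the thread.

```php
<?php
declare(strict_types=1);

/**
 * Decide whether a login returned by ManiaConnect may be linked to a site account.
 *
 * $lookup is a hypothetical callable wrapping whatever web-service call returns
 * the record for a login. Assumed shape: ['login' => string, 'isDedicated' => 0|1, ...],
 * or null when nothing is found.
 */
function mayLinkAccount(string $login, callable $lookup): array
{
    try {
        $record = $lookup($login);
    } catch (Throwable $e) {
        // Fail closed: an unreachable service must not turn into an accepted link.
        return ['allow' => false, 'reason' => 'lookup_failed'];
    }
    // A missing or non-scalar flag means the account type is unknown, not "player".
    if (!is_array($record) || !is_scalar($record['isDedicated'] ?? null)) {
        return ['allow' => false, 'reason' => 'account_type_unknown'];
    }
    // The record must describe the login that was actually authenticated.
    if (($record['login'] ?? null) !== $login) {
        return ['allow' => false, 'reason' => 'login_mismatch'];
    }
    // Accept 0/1, "0"/"1" or booleans; anything else is treated as unknown.
    $dedicated = filter_var($record['isDedicated'], FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
    if ($dedicated === null) {
        return ['allow' => false, 'reason' => 'account_type_unknown'];
    }
    return $dedicated
        ? ['allow' => false, 'reason' => 'dedicated_account']
        : ['allow' => true, 'reason' => 'player_account'];
}

// Constructed sample records, not real API output.
$records = [
    // A player hosting a server from the game client: isOnline = 1, isDedicated = 0.
    'some_player' => ['login' => 'some_player', 'isDedicated' => 0, 'isOnline' => 1],
    'some_server' => ['login' => 'some_server', 'isDedicated' => 1, 'isOnline' => 1],
    'odd_record'  => ['login' => 'odd_record'],
];
$lookup = fn(string $l): ?array => $records[$l] ?? null;

foreach (['some_player', 'some_server', 'odd_record', 'missing'] as $login) {
    $r = mayLinkAccount($login, $lookup);
    printf("%-12s allow=%s reason=%s\n", $login, $r['allow'] ? 'yes' : 'no', $r['reason']);
}
```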