
[Security] Authenticating with a dedicated account.

Posted: 28 Sep 2011, 13:56
by fastforza
Rax had told me that he connected an MX account with a dedicated server login. Can you explain why this is possible? Authenticating with a dedicated server account through the player page is surely a security hole to some extent as it isn't even a valid player. :P

Re: [Security] Authenticating with a dedicated account.

Posted: 28 Sep 2011, 14:04
by gouxim
I just tried and it is indeed possible. It is an unwanted behaviour, though I'm not sure why it could be a security risk. In any case, it will be blocked soon.

Re: [Security] Authenticating with a dedicated account.

Posted: 28 Sep 2011, 14:06
by Slig
I don't find it bad!... but it would be a good thing to have an isDedicated flag in the player object then, so a client would be able to accept or reject the connected login.

Same with \Maniaplanet\WebServices\Players()->get(): an isDedicated flag would be nice.

Re: [Security] Authenticating with a dedicated account.

Posted: 28 Sep 2011, 14:10
by fastforza
Maybe not so much a security (over exaggerated it there) problem as much as it is a problem in general. It becomes a problem for MX because this would allow fake accounts to be registered and linked.

Edit: I agree with Slig's suggestion. A flag would indeed be nice and it would solve the present problem MX faces. :)

Re: [Security] Authenticating with a dedicated account.

Posted: 28 Sep 2011, 15:04
by gouxim
fastforza wrote: this would allow fake accounts to be registered and linked
I agree.

Login with a dedicated account is also unwanted on the player page. Legor actually just fixed that so it's not possible anymore. We really want to separate players and dedicated servers on the API, that is why we introduced the Dedicated class in the SDK.

Re: [Security] Authenticating with a dedicated account.

Posted: 28 Sep 2011, 15:20
by fastforza
Thanks! :yes:

Re: [Security] Authenticating with a dedicated account.

Posted: 28 Sep 2011, 15:47
by m4rcel
gouxim wrote: We really want to separate players and dedicated servers on the API, that is why we introduced the Dedicated class in the SDK.
If you want to separate Players from Dedicated, you should check the Dedicated part, too. For example, with https://ws.maniaplanet.com/dedicated/m4rcel/ I am able to get the data of my player-account. Bug or Feature? ^^

Re: [Security] Authenticating with a dedicated account.

Posted: 28 Sep 2011, 15:54
by gouxim
Feature! Even if it's called dedicated, it also works for servers hosted with the game client itself (hence the isDedicated field). A player can always be a server, but this service will set for a player the isOnline field to 1 only if the player is hosting a server with his client.