Kirk Black wrote:
> 3. Aside from server security, there is the matter of account password
> security. How can I fathom giving away the full source code and thus giving
> anyone the ability to network snoop and easily grab customer
> account/password data? This account password data not only gains access to
> playing the game but also gains access to customer billing information which
> then becomes a huge issue.
This is folly. Don't confuse the notion of authentication with recording
of entitlements and payments made.
Your open-to-the-web server should obtain player credentials, and then connect
with an internal server to confirm those credentials. If you charge by
the minute of play, then the response might include "Authorised for 50
minutes." All your game server needs to know is some kind of
identification (player's nick) and for how long.
Watch for duplicate logins, toss the old one: the legitimate owner is
likely to complain and you can sort things out.
Billing can be done safely with OSS: I believe these websites use OSS,
but I forget which:
http://www.stormcomputers.com.au/
http://www.techtopia.com.au/
RH used to ship something called Interchange: I think it's changed its
name and that is what those sites use.
Cheers
John
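An added sketch of the split described in the reply above (not part of the original post): the internal server answers a credential check with a signed "nick, authorised until" grant, and the game server verifies it and tosses the old session on a duplicate login. The HMAC key shared between the two servers, the grant format and every name here are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

# Assumption: a key held only by the internal server and the game server.
SHARED_KEY = b"constructed-demo-key"

def _tag(payload):
    return hmac.new(SHARED_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_grant(nick, minutes, now=None):
    """Internal server: credentials already confirmed, authorise play time."""
    start = time.time() if now is None else now
    payload = f"{nick}|{int(start) + minutes * 60}"
    return f"{payload}|{_tag(payload)}"

def verify_grant(grant, now=None):
    """Game server: (nick, expires) for a genuine, unexpired grant, else None."""
    try:
        payload, tag = grant.rsplit("|", 1)
        nick, expires = payload.rsplit("|", 1)
        expires = int(expires)
        tag = tag.encode()
    except ValueError:
        return None
    if not hmac.compare_digest(tag, _tag(payload).encode()):
        return None  # forged or altered grant
    if expires <= (time.time() if now is None else now):
        return None  # authorised minutes used up
    return nick, expires

class GameServer:
    """Knows only a nick and an expiry; never sees passwords or billing data."""
    def __init__(self):
        self.sessions = {}  # nick -> (session id, expires)
        self.next_id = 0

    def login(self, grant, now=None):
        """Return (new session id, evicted session id or None), or None if refused."""
        checked = verify_grant(grant, now)
        if checked is None:
            return None
        nick, expires = checked
        evicted = self.sessions.pop(nick, None)  # duplicate login: toss the old one
        self.next_id += 1
        self.sessions[nick] = (self.next_id, expires)
        return self.next_id, (evicted[0] if evicted else None)
```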