Libraries made with Etna
Gnet (master server)
Gnet is a very simple system to track 'games in progress'. Servers add themselves to Gnet via GNET_AddServer(), while clients can locate servers using GNET_ListServers().
Gnet was written by Mark Sibly, so 100% of the credits go to him! The Etna version allows to avoid the freezing of the game while doing a request on the remote database.
Gnet was designed for Blitz users, who can use the master server on www.blitzmax.com for free. For other language users, this is very simple to add a master server on your own web page, just install gnet.php and the mysql table gnet.mysql.
The documentation for Gnet is available in the Gnet/ folder of Etna. There is also one simple example in BlitzBasic and BlitzMax. Check on www.blitzbasic.com/gnet/gnet_servers.php while running them!
You can start from these examples and the php file to add functionnalities like player counting, score, status of the game and more! (to be installed on your own web site of course)
Security issue / Encryption
Built-in encryption
ETNA is using a very reliable encryption algorithm: RC4. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10^100. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. Independent analysts have scrutinized the algorithm and it is considered secure.
If you use encryption with ETNA, you will need the counter-part on the script/server side. The functions you need to encrypt/decrypt in php are available in php/ETNA_encryption.php in the ETNA package. Just do an include of this file in your php file: include 'ETNA_encryption.php';
See the tutorials on encryption to see how encryption is working (and how easy it is).
For improved security:
- Encryption works only for a call to script with arguments! Avoid using scripts without arguments.
- Use encryption key hard to guess.
- Do not use too short encryption key (8 characters or more).
- Do not put your php scripts in an obvious place in your web site. "mygame.com/dfFGD/dsfGF/score.php" is better
than "mygame.com/php/score.php".
- Do not give too much liberty to your script: avoid putting commands like "erase an entire database table". Try to
have options in your script that are harmless to your database.
- Tip for maximal security (if your game has a large community): in the current situation, a clever hacker could
"sniff" the packet you are sending, and, although he will be unable to understand the content, he could
send this packet again. The packet will then be received by the script on the server, decrypted and some
action will be taken by the script. So the hacker could use your php script even when encrypted.
Of course, this is something which is not simple to do, and you are unlikely to find such players/cheaters in the indie world!
To avoid this, the simplest trick is to add a counter to each command you are sending to the script file. The counter is incrementing after each new command and the script file check the value of the counter: if the counter corresponds to the expected value, the command is executed, otherwise the command is silently refused (this is what will happen if a hacker resend a packet, since he is unable to increment the counter). For more robustness, you could use pseudo-random numbers instead of simple counters.
MD5 encryption
In certain situation, you could also use md5 encryption. There is no way to decrypt a string which was encrypted with md5, but md5 encryption is useful in certain cases like sending password over internet, etc. Here are some references:
- md5 for BlitzBasic: here.
- md5 for BlitzMax: here.
- md5 is a command by default in PureBasic: see the "Cipher" section.
