Click here to Skip to main content
13,047,596 members (59,106 online)
Rate this:
Please Sign up or sign in to vote.
See more:
Hello everyone, this is my first time i post any question here.

So I need little help with TCP connection for one gaming server, so basically gaming server is shell and has configs to make it using remote by connecting on 3443 port but with USERNAME and PASSWORD. Is there any possible way to do it? And if it is would someone like to help me?
Posted 20-Nov-12 12:12pm
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

Yes, but it won't be TCP, strictly speaking. The approach to such things is considered in the following way: you create another protocol over TCP, the one of the application layer:[^].

And this protocol could be custom or standard (see the list on the article referenced above), but it should have provisions for your username/password. There is always an application layer of the protocols on this layer, even if you don't call it a protocol, but you better do.

Now, in this feature, there is nothing going beyond just one TCP connection. Two parts of connected hosts exchange messages in dialog-like manner.

Now, the authentication itself is a big security issue. If a user sends a password directly, it always can be eavesdropped. If your service host stores the passwords in their original form, someone can steel them. But password belongs only to a user who created it; no one, even the administrator, has no right to know passwords. Are these problems resolvable? This is very non-trivial question, but the answer is: yes!

(In fact, passwords should never be stored. This is absolutely not needed for authentication. If you are surprised, keep reading.)

There are somewhat different approaches, but the most usual approach is based on the combination of two encryption technologies:[^],[^].

You dialog should resemble the dialog between Alice and Bob explained in the first article referenced above. Your service and client parts should create a brand-new pairs of keys each in every authentication act. This way, even of someone permanently listens to the packets being sent/received, it cannot make it possible to impersonate the client. This is basically similar to how HTTPS with SSL work. And second technology allows to avoid sending any password in their original form through the network at all.

See also:[^],[^].

On the topic of password storage and hash functions, please see my past answers:
storing password value int sql server with secure way[^],
Decryption of Encrypted Password[^],
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^].

By the way, keep in mind that your custom connection might not pass firewalls. Just think about it.

Rate this: bad
Please Sign up or sign in to vote.

Solution 2

S A Krykov has given a comprehensive answer. I just want add one point...

I strongly recommend that you use PKCS #5 standard to implement password based authentication.

See[^] for details.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web02 | 2.8.170713.1 | Last Updated 21 Nov 2012
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100