自动获取口令/账密登录 #1186
Comments
|
The main reason for not using account and password login in the game at present is that the network module of the game does not support SSL, which means that the account and password will be sent in plaintext to the server. |
|
For now if we don't really trust about local "cookie" saving, we can try to extend the authorization code longer, like up to 24h instead of 30 minutes. So assuming someone usually play everyday they will not have to relogin again Another attempt is using a AES-256 keys pair, one public one private. Like for logging the first time the user will get the authorization code but it is actually the certificate key pair. This key pair can be used to encrypt and decrypt requests, also if the request is modified by somehow, the server can simply return error. We should also consider HMAC, key diversity (one session use a seperate key), key invalidation (after 4/8/12/24h) (or key rotation can be used); timestamps also can be used so we can check if a request is being blocked and tampered |
现在登录太不方便了
获取的口令很快就会失效,基本每天玩的时候都要:
打开多人模式 - 点击获取口令 - 跳转浏览器 - 输入账号 - 输入密码 - 手动切回游戏 - 粘贴口令 - 连接服务器
但是如果游戏内保存账号密码登录就可以简化成:
第一次:
打开多人模式 - 输入账号和密码 - 连接服务器
以后:
打开多人模式 - 连接服务器
这样多人模式就会更容易进入,在线人数和活跃人数甚至用户数量都会变多
很爱铁壳,但是登录太难受了。改完以后甚至可能成为群友tetrio的替代品(?
The text was updated successfully, but these errors were encountered: