Feedback & Suggestions

A Former User

Working

How to work with clans, has not understood yet

Forsaken

Looks like this is shaping up into something nice. Good job!

tai

Ok guys, as main developer I have to say thanks for the testers, but if you want the powerful rewritten version, you have to be patient. It’s quite hard to reprogram something like that from scratch!
Maybe someone has a PHP-Coder that could speed up the progress? Would be nice.

I’m putting it into the Forge this week, I promise!

New features of the new Version will be:

• multiple bank accounts

• shared bank accounts

• Plugin System for FLHook

• (Plugin System for webinterface)

• much cleaned up code!

• Depot feature will come later

So feel free to add suggestions!

@Helloween: How do you use it? with some kind of forum software or with standalone login by bulldog, on each version you need to have usergroups for the clans, so if you are in a clan usergroup, you get access to that clan’s “page”, group leaders get clanadmin rights

A Former User

2Tai: Standalone. While only for myself. I am afraid to hang out in an Internet since communication with flhook goes on not secure channel…

It is a pity that the remote interface of flhook not ssh

Whether are there any telnet<->ssh tunnels?

P.S. Thx for clans note

bulldogg

@tai - if you send me the database schema for this ill create a php installer for you if you want

tai

yeah I’ll do, but it will take a while, haven’t even got char connection ready

only feature that has been finished is the Bank, atleast from what I know

@ssh: hmm let’s get a developer to do that ^^

hmm you also could use a python script as ssh-server, that forwards the commands to flhok, if you run that on the server, all will be fine, I think at least

tai

Okay news on the encryption thing:

• I could use Blowfish on the PHP-Side, which won’t require a PHP-Addon like SSH

• Some C++ dev maybe could add encryption+decryption with blowfish to FLHook(maybe even me)

This would work!

A Former User

Another one idea to encrypt user/admin session:
1. Web Server must be on machine with Fl Server or placing with same secure firewalled LAN
2. Web Server must use only Https protocol with pre installed self-signed sertificate and port forwarded to outside to Internet
3. User connects to it from Internet by browser like https://myFLProfile.atThisFL.Server

So sessions between web server and fl server are secured against public access from internet

And session between web server and user are secured by https.

w0dk4

Why do you need encryption?
I mean, gameservers and webservers in most cases run on pretty secure networks so man-in-the-middle attacks are somewhat unlikely.

A Former User

I am afraid that when using a web interface to hook over internet administrator password may be intercepted .

Worfeh

@HeIIoween:

I am afraid that when using a web interface to hook over internet administrator password may be intercepted .

Believe FLhook can set the IP’s who have admin rights from the console.
And “standard” admins shouldn’t have console access to flhook, just ingame.

tai

@Worfeh: It’s all about the webinterface

A Former User

@Worfeh:

Believe FLhook can set the IP’s who have admin rights from the console.

I believe. *nix and active networking hardware may do this too, but why all using ssh? For more security reasons.
After all Besides udp-flood and trojans there is still a heap of any mucks, sniffing of passwords for example.
All know, that “True” protection does not exist, everything can be broken, but prevention is never thwarted…
Especially in view of recent events %((

And “standard” admins shouldn’t have console access to flhook, just ingame.

I agree. But we want, that all administrators could do the work through the web interface without remembering a command and without starting game in the same way as it is done by system administrators on almost any device or a server

M0tah

I’ve finished implementing Blowfish encryption over FLHook’s socket connection. I’ve made new builds of both my FLHook (zip) and the plugin version (the changes couldn’t be implemented as a plugin) with the encryption option. In addition, I extended the telnet class used by FLSES to make a BlowfishTelnet class that functions exactly the same as the original class but with encryption, so it’s a drop-in replacement. It’s attached to this post and uses the Crypt_Blowfish package to do the encryption/decryption.

tai

nice one, thank you m0tah

A Former User

Thx M0tah!

M0tah

I’ve updated both of the builds to fix two bugs I found: FLHook sometimes wouldn’t send any data over the socket connection when it should have and the “Goodbye.” message wasn’t sent encrypted.

I also made a dummy windows socket DLL that can make any application that uses windows sockets 1 send/receive encrypted data. This means you can use it to “retrofit” any existing FLHook build to be compatible with the blowfish encryption. You can also use it to make the command line telnet utility that comes with Windows compatible with the encryption - just copy telnet.exe from the system32 directory to a new directory and copy wsock32.dll and key.txt to the new directory and run telnet from the command line as usual. It can be downloaded here.

tai

Great, now it works ^^

It did not work for me at all, so I thought it is because of my setup, tried to get it to work for more than an Hour xD

Great work m0tah!

tai

I would like to have feedback on these:

Bank account overview:

Bank Account Management

Bank Charoverview(Currently in Development)

Suggestions and everything else is Welcome

tai

damn my Computer just broke yesterday evening, can you imagine? My mainboard just behaves like last time, no beeps, no lights, that’s the second time, now I wan’t my Money back!

Sorry Developing of FLSES will be on a hold untill I’ll get a new Mainboard, maybe it’s more than a week, maybe even more than that!