Showing posts from August, 2010


I added forms authentication to the EnigmaWeb website tonight. I finished my procurement plan for school, did one quest on DDO and decided to be somewhat productive. Yes, schoolwork doesn't count. ;-)

So at any rate I'm quickly realizing that the EnigmaWeb project, although completely necessary, is almost like another project itself. Players expect more and more from these types of sites, like being able to check PvP or guild ranks. Some games even allow players to check other players' gear and stats from the web interface. I'm not too sure I like that last idea though, because anyone who does well will just get copied. But anyway, the point is just that it has a whole workload of its own, and I'm debating with myself whether I'm going to add that type of stuff for version one. I need at least basic account management stuff, which is totally cool, but I need to decide where that cutoff is soon. I will probably end up just adding stuff to EnigmaWeb as I need it for testin…

Adventures in Hashing

So first the good news. I have the authentication working with a test user I added via the web interface that I have created. I'm pretty happy about that, but the bad news is that I'm gonna have to break it again because my custom hash algorithm isn't up to snuff. As it stands now someone could in theory figure out what the original password was, which is obviously not gonna fly. As much as I rant about people not paying any attention to security, I can't let something so glaring slide. Not that Enigma is secure or anything, considering all the pieces that are missing for validation and such, but you know what I mean: I don't want to engineer these issues in.

So anyway, here is what led me to what we have now. First I was trying SHA1 using openssl. I have been using that since I first added the login code, even though the server just accepted any user with any password. My first problem happened when I couldn't find a way to create a SHA1 hash with the dotnet wrapper for…


Relatively recently a reader contacted me and told me about Berkelium, which is an off-screen renderer similar to the OffScreenGecko library that I'm using now in Enigma. I bookmarked it but I hadn't gotten around to playing around with it. However, tonight I decided to try a test implementation. I used the binaries and headers for Windows available on the Berkelium site. I got an initial implementation created but I wasn't able to get it to link correctly. A few but not all classes and static functions resulted in unresolvable symbol errors. So I rolled back to the old renderer but left all the code in place. I will revisit that at some future date, as it isn't really needed for this release anyway. I just wanted to give it a go and see if I could get something to work.

For the purpose of testing the browser after the rollback, I commented out the code that was calling into the new authentication logic, which is the way I committed it to SVN. It was just as well because I'…