HeroEngine Forums
Welcome, Guest. Please login or Register for HeroCloud Account.

Author Topic: [Fixed in Upcoming Release] Account names still available in Sapphire  (Read 2265 times)

FI-ScottZ

  • General Accounts
  • *
  • Posts: 1407
    • View Profile
    • Forever Interactive, Inc.

After reading this post in the forums about Sapphire:
https://community.heroengine.com/forums/index.php/topic,3563.msg19511.html#msg19511

we changed our login procedure, as we were one group filtering on account names.  But I recently found some of our other code that is still getting the account name.  It uses the server external function GetPlayerAccountName().

I see in the Who's Online window, it is showing the obfuscated name, and that it uses the function LookupAccountNameByAccountID().  So that one does not return the name anymore, but GetPlayerAccountName() still does.

Just thought I'd point that out in case it was an oversight.
« Last Edit: Dec 11, 16, 01:12:28 PM by HE-SARRENE »
Logged
Scott Zarnke
Lead Programmer, Visions of Zosimos
CTO, Forever Interactive, Inc.

AlderonGames

  • World Owners
  • ****
  • Posts: 20
    • View Profile
Re: Account names still available in Sapphire
« Reply #1 on: Jan 15, 13, 09:54:39 AM »

That's a shame, It seems now their going to remove this / replace it with the hashed version.
Logged

HE-CHRISTOPHER

  • HeroEngine
  • *****
  • Posts: 424
    • View Profile
Re: Account names still available in Sapphire
« Reply #2 on: Jan 15, 13, 10:57:39 AM »

It is a security issue to expose the account name.  You can however use the hashed value as it will remain consistent within your particular world from one login to the next.

In the near future GetPlayerAccountName() will return the hashed value properly as well.
Logged
Christopher Larsen
CTO
HeroEngine

FI-ScottZ

  • General Accounts
  • *
  • Posts: 1407
    • View Profile
    • Forever Interactive, Inc.
Re: Account names still available in Sapphire
« Reply #3 on: Jan 15, 13, 11:15:29 AM »

gotcha
Logged
Scott Zarnke
Lead Programmer, Visions of Zosimos
CTO, Forever Interactive, Inc.

FI-ScottZ

  • General Accounts
  • *
  • Posts: 1407
    • View Profile
    • Forever Interactive, Inc.
Re: [Resolved] Account names still available in Sapphire
« Reply #4 on: Jan 16, 13, 02:17:04 PM »

I don't know if this is being addressed, yet, but in relation to the account names not being available anymore, but I just noticed that the server method _KickPlayerConnection() in _playerConnectionClassMethods is still using names.

So, the account_name field of the _playerConnection will become hash as well?
« Last Edit: Jan 16, 13, 02:19:13 PM by ScottZarnke »
Logged
Scott Zarnke
Lead Programmer, Visions of Zosimos
CTO, Forever Interactive, Inc.

HE-CHRISTOPHER

  • HeroEngine
  • *****
  • Posts: 424
    • View Profile
Re: Account names still available in Sapphire
« Reply #5 on: Jan 28, 13, 09:28:31 AM »


The _playerConnection account_name will have the account hash in the upcoming Sapphire.j update.

Logged
Christopher Larsen
CTO
HeroEngine

FI-ScottZ

  • General Accounts
  • *
  • Posts: 1407
    • View Profile
    • Forever Interactive, Inc.

Quote
You can however use the hashed value as it will remain consistent within your particular world from one login to the next.

Hi, Christopher,

I have been thinking about this and I hope you can clarify using the hash codes.  How will we be able to know which hash code goes with which account?  Perhaps in the account management of the dashboard we can view the hash codes of the accounts?

I am imagining an account logging in and we read their hash code. Then what can we do with it?  We might have a lookup list mapping that to an account, but how would we build that map in the first place?  There doesn't seem to be any good way to, for instance, display the user name in the game.

And for a friends list, I imagine people would generally be friends with other users, not specifically their characters.  So what name to show?  Maybe have the users create a name for display in the game that is just a string field separate from their formal (hidden) user name?
Thanks.
« Last Edit: Jan 28, 13, 10:19:58 AM by ScottZarnke »
Logged
Scott Zarnke
Lead Programmer, Visions of Zosimos
CTO, Forever Interactive, Inc.

HE-CHRISTOPHER

  • HeroEngine
  • *****
  • Posts: 424
    • View Profile

You will not have access to the account name.

There is no reason, and it is a bad idea, to expose account names to other players.  As a part of the security improvements, the account name is totally inaccessible and we will not expose it to game developers or other users.  The only things available as a developer in relation to the account is the account hash and the account root node id.

If a game system needs a user friendly name associated with an account, you could easily leverage the HSL Social System to add a new field to store and communicate that data (or implement a custom solution if the Social System is not appropriate for your game).

Of course there are other issues, most games tend to handle "friends" on a per character basis because often users want the ability to play "alts" without being pestered by everyone who ever befriended them.







Logged
Christopher Larsen
CTO
HeroEngine

FI-ScottZ

  • General Accounts
  • *
  • Posts: 1407
    • View Profile
    • Forever Interactive, Inc.

Just noted that server-side external functions LookupAccountIDByAccountName() and LookupAccountNameByAccountID() are still in there, which are presumably now deprecated.
Logged
Scott Zarnke
Lead Programmer, Visions of Zosimos
CTO, Forever Interactive, Inc.