I took one package and re-sent it to the server with WPE Pro, hoping nothing would happen (in the best case even disconnecting me because I was doing something illegal), but to my surprise EVERYTHING WORKED AS IF THE REAL APPLICATION WAS SENDING THE DATA. I opened the chat example and WPE Pro and started sniffing on that example. Everything worked fine, so I decided to check security. I installed it on my remote server, installed the advanced chat example for Flash on my PC and ran it. Anyway, for my new project I decided I didn't want to spend time writing a server and checking every security problem, so I decided to give SFS a try. I resolved this by checking for application authenticity, that is, checking that every packet coming from the client was from the game and no other application. Because of my inexperience and lack of knowledge I really didn't know you could inject data into an already connected socket (I was aware of sniffing but not injecting data!); this resulted in huge problems in the game when some malicious users attacked with WPE Pro (which by the way is really easy to use and they could do almost anything in the game). I have already developed a multiplayer game; at that time I was unaware of the existence of SmartFoxServer, so I wrote my own Java server that is running on a VPS, obviously much more limited than your product. I am really interested in using SmartFox Pro for a new project I am working on.
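
The re-sent packet described above is accepted because nothing in it ties it to one position in one session. The following is an added example, not code from the post or from SmartFoxServer: a server-side check that rejects replayed or altered frames, assuming a per-session key agreed at login and a hypothetical frame layout of sequence number, payload and HMAC tag.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Client side: frame = 8-byte sequence number | payload | HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Session:
    """Server-side state for one connected client (hypothetical design)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        """Return the payload, or None if the frame is forged, altered or replayed."""
        if len(frame) < 8 + TAG_LEN:
            return None
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # wrong key or modified bytes
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            return None  # already seen: a re-sent capture lands here
        self.last_seq = seq
        return payload

def demo():
    key = os.urandom(32)  # per-session key, assumed delivered over TLS at login
    server = Session(key)
    frame = seal(key, 1, b"chat:hello")  # constructed sample packet
    first = server.accept(frame)
    replay = server.accept(frame)  # same bytes sent a second time
    altered = bytearray(seal(key, 2, b"chat:hi"))
    altered[8] ^= 0x01  # flip one payload bit in transit
    tampered = server.accept(bytes(altered))
    nxt = server.accept(seal(key, 2, b"chat:next"))
    return first, replay, tampered, nxt

if __name__ == "__main__":
    print(demo())
```

This stops re-sending and modification of captured packets; anyone who extracts the session key from the client can still build valid frames, so the server must also validate each action against the game rules.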