Results 1 to 18 of 18

Thread: Help test Seth's thing: Space Casino (a multiplayer web door-game like thing)

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Administrator Seth's Avatar
    Join Date
    Jul 2002
    Location
    Japan
    Posts
    5,356

    Cool Help test Seth's thing: Space Casino (a multiplayer web door-game like thing)

    Hey guys,

    Here is a new thing I made. It's pretty basic but I hate to play with new technology without actually putting something out the door at the same time (even if tiny), so here we go:

    Name:  sc2.jpg
Views: 323
Size:  122.2 KB

    It's browser based but requires a pretty powerful desktop to play, probably won't work on mobile

    Play here

    So why am I using Facebook at all? Especially since they seem to like handing out your private data to anyone? Well, laziness.

    For for a multiplayer game (such as it is) hardening is important and is quite a burden to a tiny dev. A lazy tiny dev like me.

    By tying the logon to something external I save myself a lot of responsibility.

    For example, I don't have to do the following things:

    • Monitor accounts created by IP address and limit how many per hour (to stop account creation attacks) (good thing I don't have to do this, because Unity's websocket implementation doesn't even support getting the IP for some reason)
    • Do IP lookups and stop new accounts from known vpns (again, to stop account creation attacks)
    • Ask if the users are 13+ for COPPA reasons (FB accounts are assumed to be 13+)
    • Keep a database of places where people can get unlimited email addresses easily and blacklist them to help with account creation attacks
    • Require the users email and password
    • Insure user passwords are reasonable (ie, not 1234 etc)
    • Insure user passwords are properly securely stored and in an encrypted format. This is important because if I got hacked and users use the same password at multiple sites, it could cause them to lose a lot more than progress in my dumb game. By using an external system I avoid this possibility.
    • Deal with things like user's that need to change email addresses and passwords (although if someone lost their FB account.. uhh.. well, not much I could do. I don't even know the user's email address so that couldn't be used to verify the owner)


    The FB part isn't important, I'd like to support the same thing by using other third party login systems like Twitter and OpenID (what else would be good?) but I haven't gotten around to figuring out how those work. There is also the issue of wanting to allow logins via native iOS/Android apps (non-web) which FB supports with its own plugins but I don't know if the others support this.

    The good news is if my servers got hacked, you don't have to worry about any private data such as email or passwords being made available as I don't have any stored. The bad news is that even the minimum FB permissions I request contain your real name, which is private info you shouldn't gave to share with me. (I don't need it or use it)

    Unfortunately FB has sort of completely forgotten about the "Anonymous facebook login" system they promised years back. It wouldn't help FB to stop stealing your data in other ways, but at least you wouldn't be giving ANY data (like name) to app-devs like me.

    To those not comfortable using Facebook to login: I totally respect and understand this. I've added a "Play as a guest" option so the game can sort of be experienced without any login required.

    Special thanks to Akiko for blendering up some 3d models and making the title screen for me.
    Last edited by Seth; 03-27-2018 at 05:13 AM.
    Seth A. Robinson
    Robinson Technologies

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •