Hello Development team.

Discussion in 'Graveyard' started by Glader, May 17, 2014.

Thread Status:
Not open for further replies.
  1. Glader

    Glader New Member

    You ought to really add a contact us section to your website. In your FAQ you advise people to contact in the off chance that they might be of use to your fan project. Maybe it's because it's 5am but I can't seem to find a way to contact you.

    Anyway, after poking around some of the assemblies that come packaged with your client I have to say my interest was piqued. Lo and behold, Photon3Unity3D.dll. I was excited as I thought you were using Photon Server SDK. I've been utilizing that SDK for quite some time.

    I've been working on a massive project for a while that attempts to wrap Photon as heavily as possible to keep the mmorpg-like cluster of applications I'm writing as agnostic as possible (but I'm lazy sometimes). What I've currently got is what I believe to be a maintainable, well at least code metrics claim so lol, serverside that should be quite scalable. It supports, and I've tested such, multiple gameservers as well as region servers. Don't sound like much but in a couple of days it'd be cake to launch several gameservers hosted anywhere with several other region servers connected to each gameserver. Think of a region like a zone in WoW. All written with scalability in mind. Say you're writing a floor based MMO with 100 floors or so. You could host 25 each on 4 separate terminals. Or, but what I'm working on doesn't allow for this, you could have a single region application host logic for several floors at a time. But enough about this.

    The system consists of 4 pure C# server applications and 1 Unity3D application; sadly I just don't believe there is an efficient way to handle collision, AI and Physics in pure C#. It's more likely that I'm not good enough to do so though and there is a solution out there. Just started work on the region server portion a couple days ago. I'm working on it, its scalability and its threadsafety. I want to make sure this is thread safe in the event that I choose to set the region logic that the gameserver manages to a completely different thread. Although I've access to 4.5 Tasks I only use them for non-time sensitive operations for obvious reasons. A lot of the blocking logic would most likely happen on the region application itself or on the threadpool through Tasks. With the setup I've written it's quite easy to designate a particular package/packet to be handled as a task or on the main thread. It's quite neat. Don't try to guess how I'm handling it though, I'd say it's quite unorthodox but it sure makes for clean looking code.

    Sadly though, after poking into your assemblies further than just at face value I realized you're not using Photon Server SDK. You're using Cloud or Pun. =( hope you don't mind if I share these 2 lines that I found in your project http://puu.sh/8PAM5.png

    I won't say that your networking lib is stinky or that it won't eventually support an mmo but I won't say it'll ever hold up in the end. While poking around your god pattern implemented networking class I noticed you're making web requests for some things. Not trying to be a jerk but that won't work in the end either. And a God pattern is never elegant, but clientside code... what can ya' do. Clientside code is never pretty. I can't say I like the code, god pattern everywhere isn't exactly beautiful, but the visual components that your project has are enticing. If you've done the art yourself it's pretty good.

    I'm not a designer, nor an artist nor anything of that type. I enjoy network programming, I like writing server applications and I like the challenges that come with it. Synchronizing between several different applications, preparing for future scalability, pondering efficiency, security, abusability and potential exploits. It's all pretty interesting to me. I'd have listed serialization but with Protobuf-net it's not much fun anyway =( it takes too much of the challenge out of it. If your team needs someone who can take your networking to an MMORPG level, meaning several applications external to Unity3D giving benefits that I'm sure I don't need to list, then I'm interested. Hopefully you're not put off from my intrusion into your assemblies or my blunt/forward-ness.

    So, networking at your service if you'd like. If you give me some time I can present a PSO themed demo of the massive serverside I've been working on. It's written with scalability, maintainability and functionality in mind thus far. While I believe a networked game, and several features, can be hastily written I do not subscribe to the idea that such an effort will ever support real-world scenario traffic or usage.

    It's 5am so I'm going to sleep, but I'll check back. You can add me on Skype at: gladerscythe@hotmail.com

    P.S. If you don't want me I'd really advise you redesign your clientside at least. Everything of interest that I was poking around for was in some sort of self-proclaimed ___God class.

    PP.S. You shouldn't be keeping several MySQL connections alive in your netGod. Connections are meant to be short lived, disposed of via the Disposable pattern and then gotten back when needed. Pooling happens under the hood so don't cache them. Maybe reflector is failing me but I don't even see you making reference to them in your code. Database stuff like that shouldn't ever happen at the client level though. You've completely exposed the connection string. Like literally. I'm in your Database http://puu.sh/8PCuJ.png and with that I'll leave you for now.
  2. Glader

    Glader New Member

    Oh and just to highlight the severity of the last portion. You don't hash your passwords. You know there are privacy laws in some countries that you're violating by not doing so. I obviously won't expose people's passwords, or do anything with them as I'm interested in your project, but come on guys.

    Pics or it didn't happen: http://puu.sh/8PCJa.png I also did an insert to prove write capability. Hope this doesn't ruin my chances of collaborating =P I do like your art. Looking more at your assemblies you're also open to SQL injection I'm pretty sure. Database isn't my forte though =/ http://puu.sh/8PDsS.png

    Edit: In light of all this stuff I'll probably rescind my offer. Not sure though. I might just continue developing my MMORPG solo as this stuff is a bit of a turnoff for the project.
    Last edited: May 17, 2014
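
The fixes the two posts above point toward (no database credentials in the client, hashed passwords, no string-built SQL), sketched as an added example that is not part of the thread or of the project's code. It assumes a server-side login handler; the in-memory SQLite database stands in for the project's MySQL server, and the table, function names and work factor are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for the server's hardware.
ITERATIONS = 600_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash; only this and the salt are ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_db() -> sqlite3.Connection:
    """Runs on the server only; the game client never sees a connection string."""
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL server
    db.execute(
        "CREATE TABLE accounts ("
        "username TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )
    return db


def register(db: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt per account
    # Placeholders keep user input out of the SQL text (no string-built queries).
    db.execute(
        "INSERT INTO accounts (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )
    db.commit()


def login(db: sqlite3.Connection, username: str, password: str) -> bool:
    """What the server does when a client submits credentials over the network."""
    row = db.execute(
        "SELECT salt, pw_hash FROM accounts WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Do the same work for unknown names so timing does not reveal them.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))
```

With this layout a decompiled client yields only the address of the login service, and a leaked `accounts` table yields salts and slow hashes rather than reusable passwords.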
  3. Glader

    Glader New Member

    Logged into the game with one of the accounts in the database. Definitely not interested anymore. Fix your code quality, networking and security. You're definitely violating some EU privacy laws. I'm surprised you raised 12,000 dollars for the project. I feel bad for the people who donated after looking at the source code and everything mentioned above.

    Good luck.
  4. Cerberuspaw

    Cerberuspaw Senior Member Senior Member Indiegogo Backer

    Geez. That was very in-depth, but I don't think you can hijack their dev team lol. With that kind of know how why not help them?
  5. Orion

    Orion Senior Member Senior Member

    "One of the accounts in the database" Did he just uh...take someone's information? But, yeah why not help them as cerb said you talk as if you know a lot.
  6. Crim

    Crim Guest

    He did offer to help. Gave a lot of good advice. Then he changed his mind and said he wasn't interested in helping.

    But as smart as he obviously is in networking. He really had trouble figuring out how to contact them. Maybe because it was 5am, but to contact the guy working on the code, message Siegfre. I can tell you that he'd be happy to chat with you about what you found. Just use the forum communication system to start a conversation with him. To find him, you can go to any post he has made and click on his name. Or go to the members tab and staff is clearly highlighted. You can also add Ayrth and Keramory to your conversation with him because they are also involved with the development.

    Siegfre has said many times that he is not an expert at this. He is essentially learning the system as he develops the game. They have always asked that if anyone was interested in helping to please contact them. And even if you're not interested in helping develop the game, if you have advice or suggestions, he would love to hear about it.

    As for European laws, this is a US based company. I'm certain if the developers knew more they'd have more or better security. But I don't think whatever agency enforces those countries' laws has much jurisdiction outside of messaging them and asking them to change some things. But I guess I could be wrong. But security is only as good as a hacker allows it to be. Retail and bank websites are full of security holes too. Right now their biggest leak is not coding things that travel over WiFi. But once that's fixed hackers will find another thing. If you wish to help with the security, please don't just point out the project's flaws. At least message Siegfre and give him some advice to fix these issues.

    Again, thanks for checking out the project. Assuming everything u wrote was right (I don't have the networking knowledge to say anything different), then I appreciate you helping by taking the time to help improve this game and the programming used to make it run. Please do remember that this is alpha stage, and a lot has gone into it, with even more work yet to do. All with only a small group of (I don't mean this in a negative way) novices working to make their dream come alive.
  7. Keramory

    Keramory Guest

    ...did I just watch a guy pull a 180 before anyone even posted?
    That's got to be a record.

    As crim mentioned, Siegfre is our programmer and he is learning as he goes. I will say though after reading this, I'd choose Siegfre 10 times out of 10 because I can already see a horrible bedside manner I wouldn't want to deal with. I'm sure Siegfre will appreciate the advice you gave, so let me give you a tad bit as well. Work on your communication. The only thing I saw from this (last post aside even) was you inflating your ego. You know my password? 12 year olds know my password to my blizzard account. Although impressive, it's not THAT impressive. I fail to see why someone who knows as much as you know couldn't be bothered or figure out how to PM a developer.
    I've dealt with a lot of programmers and I'm telling you right now, the main difference between the good ones and bad ones isn't their programming ability, it's the communication with other dev members or their communities. You might be surprised on how we got $12k, so I just gave you a very nice hint on how to do so.

    So to you too, I wish you the best of luck.
    Cerberuspaw and Rinhanakimi like this.
  8. calmchaos

    calmchaos Moderator Staff Member Senior Member

    inbox.PNG

    new_convo.PNG

    message.PNG
    Keramory likes this.
  9. Glader

    Glader New Member

    Edit: Never said I was good or that everyone should be impressed or anything. I could walk you all through step by step how to do it. The hole is literally so wide-open that someone like me, who has no knowledge of hacking and etc, can access the database.

    Yes.

    Thankfully I've only started programming quite recently. You know that it doesn't have to be a dichotomy, you can communicate and be a competent programmer as well. I think I communicated effectively as I could that the project has a major security vulnerability and several other issues that they'll hopefully fix.

    No ego inflating there. There would be no point as I was only returning to this page once more later today, and this is that time. It would be of no benefit. I get my kicks from producing software not from posting on a forum.

    As for the 180 you'll have to understand that it's practically a story. As I was typing this up I was getting deeper and deeper into poking at the project. I decided I didn't want to end up like I had before so I opened up .Net reflector to make sure everything was ok. This led to noticing the god anti-pattern for classes, security issues and all sorts of other things. So towards the end it slowly slides into not-interested.

    Coming from a development team called Age of Aincrad, they were horrible, just needed to look out for any bad collabs. It's tough to find a decent one.

    Also, I am not a hacker. It's literally as easy as it could have been to access the database. The credentials were sitting in plaintext. I'd be surprised if several people didn't have a dump of all your accounts and passwords being it's so easy. I only looked at the source to evaluate the code.

    Bluntness and forwardness leave nothing unknown and like I said I didn't post for my own benefit. They need to fix the issues I raised.
  10. Stalwart_as_the_Mount

    Stalwart_as_the_Mount Senior Member Senior Member Indiegogo Backer

    Well, if you know how to fix the security error it'd be nice to have your help even if it was just for that
  11. calmchaos

    calmchaos Moderator Staff Member Senior Member

    Although you said you were only returning to this thread once more, I ask that you please finish up this discussion privately due to the sensitive nature of the topic.

    Thread locked to prevent flaming of someone who was only trying to help in his own way.
    Keramory likes this.
  12. calmchaos

    calmchaos Moderator Staff Member Senior Member

    Moved to the staff section for safe keeping
  13. Keramory

    Keramory Guest

    He was bragging about editing our files so I banned him for two weeks.