Page 1 of 1
Hook into Connect before Login
Posted: 17 Jan 2024, 12:38
by Void*
Is it possible for us to hook into the initial client connection, before the user tries to logon? Alternatively, are anonymous extension calls to the Zone supported?
I'd like to do some key-exchange for ECDH with the client before they send their login credentials.
Re: Hook into Connect before Login
Posted: 17 Jan 2024, 13:15
by Lapo
Hi,
no sorry there isn't a mechanism to invoke Extension prior to having logged in. It would open a whole pandora's box of security exploits and attacks.
The only allowed interaction is the login request.
Cheers
Re: Hook into Connect before Login
Posted: 17 Jan 2024, 13:36
by Void*
No problem - thanks for your response
Re: Hook into Connect before Login
Posted: 17 Jan 2024, 15:18
by SmartfoxEnjoyer
Hi, I had this same issue, now I just login as guest into a separate Zone/Extension called GuestExtension/GuestZone. Then I send my requests and as soon as server has sent the response, I disconnect the guest.
So for every request (before login as user) I do this:
1.Connect as Guest
2. Send request fom client
3. Receive request on server
4. Send response from server to client
5. Server disconnect that guest
6. Client receives response and disconnection notice.
I use a GuestConnection for RequestServerList, InitialJoinServer(Server has to validate (not full, active, etc), SignUp, Activate Account.
Hope that helps you!
Cheers
EDIT: This may be susceptible to flooding/DDOS attempts by guest connections, so you have to do some checks on server side to temporarily ban IPs if they send too many guest requests in a short amount of time.