Secure player ID introduced
Verified Player Id
- In the past, the player ID was not reliable enough and was vulnerable to hackers, who could use a fake player ID instead. The new Secure ID system adds a signature to player IDs to ensure this is no longer possible. The entire system was designed to be invisible to players and does not require any form of direct user interaction; the signatures are generated automatically as needed. As this is quite a major change, we need to roll out this system gradually. We ask server admins for help in making the transition as smooth as possible. Initially, we suggest using only the basic (optional) level of Secure ID on all servers. This will ensure that certificates are assigned to the majority of the existing multiplayer audience and that possible errors are found.
- Since 1.62 a server setting has been available that was not yet documented, because the infrastructure on our end was missing. A server admin can turn on player ID validation using requiredSecureId in server.cfg. There are two values available:
- When requiredSecureId=1 is used, all players are requested to provide a validated ID. If a player does not provide a validated ID, he can still connect to the server, but a warning message is shown and his ID is shown with a question mark in the #userList output when an admin issues this command.
- When requiredSecureId=2 is used, all players are requested to provide a validated ID, and any player who does not provide it will not be allowed to connect to the server.
- The functionality was tested internally, but no tests have been done in the public environment yet. If something goes wrong, your server might become unusable for some users. We strongly encourage server admins to use requiredSecureId=1 for some time; this should lessen the impact on your server in case anything goes wrong (the authentication server could go down or be overloaded initially, and you probably do not want your server to be unusable as a result). Moreover, we would like server admins to start using it gradually, to reduce the load on our server. As the functionality is not well tested yet, we think only admins who feel adventurous and are willing to experiment should start using it now.
- The Secure ID system is designed to be as independent of our central server as possible. Most often the player will not contact our server at all, as the validation is done on the game servers. Still, each player needs to connect to our server at least once, so it is possible that our server will become overloaded, especially if many server admins start using the system. Once most players are validated, the load on our server should be reduced and we can proceed to wider deployment of the technology. We expect this to take a few weeks, after which the recommended setting will most likely change to requiredSecureId=2. If everything goes well, patch 1.63 will probably contain requiredSecureId=2 as the default setting (server admins will still be able to disable the functionality or make it optional should they wish to).