Access-limited games

Site Admin
Joined: Sun Dec 24, 2000 3:00 am
Posts: 3151
Location: USA
Unread post Re: Access-limited games
Ok, let me see if I understand the security issue. Because TWGS doesn't have a client, there is no way to encrypt the password before it's sent to TWGS, meaning it could be intercepted by a TWGS op who's interested in gathering TW community passwords? If that's the case, then yeah, I think there needs to be an intermediary, maybe require the user to enter the info into a browser, and then the validation takes place and TWGS is notified of the result. This way, no information passes through TWGS. That would work.

_________________
John Pritchett
EIS
---
Help fund the TradeWars websites! If you open a hosting account with A2 Hosting, the service EIS uses for all of its sites, EIS will earn credits toward its hosting bill.


Thu Jun 16, 2011 8:59 pm

Veteran Op
Joined: Thu Jun 02, 2005 2:00 am
Posts: 5558
Location: USA
Unread post Re: Access-limited games
John Pritchett wrote:
Ok, let me see if I understand the security issue. Because TWGS doesn't have a client, there is no way to encrypt the password before it's sent to TWGS, meaning it could be intercepted by a TWGS op who's interested in gathering TW community passwords? If that's the case, then yeah, I think there needs to be an intermediary, maybe require the user to enter the info into a browser, and then the validation takes place and TWGS is notified of the result. This way, no information passes through TWGS. That would work.


Not only is that possible, but anyone from the client to the server could also intercept it (ISP, etc). Additionally, all passwords are stored in tedit, so all a sysop has to do is go to tedit. Granted, those passwords could be encrypted or hidden, but it would need to be reversible and thus a security hole is born.

Where would you store this kind of info at? It would have to be connected to their user profile here, or someone could just pretend to be that user. Basically what we need is a place inside the forum, a module in the user area, that lets people set key-value pairs. The key would be the server name, the value would be the secret encryption key. The user would login by providing the secret value, the server would encrypt (AES 256) their username and salt with the secret value (to prevent rainbow tabling), perhaps iteratively (key store standards specify 1000 times), and send that back to the forums. The forum would then reply pass/fail.

This would provide security provided that they use a different secret key per server, which could be enforced (should be) within the module. That way no sysop ever has access to their user's forum accounts, and anyone sniffing the traffic would only get one access code (which would be no different than now) to one server. If a user was concerned about security, they could just change that code over time. We could even randomly generate alpha-numeric codes for users within the module, and automatically change them every 60 days.

_________________
May the unholy fires of corbomite ignite deep within the depths of your soul...

1. TWGS server @ twgs.navhaz.com
2. The NavHaz Junction - Tradewars 2002 Scripts, Resources and Downloads
3. Open IRC chat @ irc.freenode.net:6667 #twchan
4. Parrothead wrote: Jesus wouldn't Subspace Crawl.

*** SG memorial donations via paypal to: dpocky68@booinc.com


Thu Jun 16, 2011 9:09 pm
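
The per-server code module proposed in the post above, as an added example that is not part of the original post or of any TWGS or forum code: a Python model in which PBKDF2-HMAC-SHA256 stands in for the iterated AES step, and the forum keeps only the derived value rather than the code itself. `KeyModule`, `derive` and the way the salt is built are hypothetical.

```python
import hashlib
import hmac
import secrets
import string
import time

ITERATIONS = 1000             # iteration count quoted in the post
MAX_AGE = 60 * 24 * 3600      # 60-day rotation suggested in the post


def derive(username, server, secret):
    """What the game server computes from the code the player types."""
    salt = f"{username}|{server}".encode()   # assumed salt layout
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


class KeyModule:
    """Hypothetical forum module: one access code per (user, server)."""

    def __init__(self):
        self._store = {}   # (username, server) -> (verifier, created_at)

    def set_code(self, username, server, secret, now=None):
        """Store a code, refusing one the user already has elsewhere."""
        now = time.time() if now is None else now
        for (user, other), (verifier, _) in self._store.items():
            if user != username or other == server:
                continue
            # Re-derive under the other server's salt to detect reuse.
            if hmac.compare_digest(derive(user, other, secret), verifier):
                raise ValueError("code already used on another server")
        self._store[(username, server)] = (derive(username, server, secret), now)

    def generate_code(self, username, server, now=None, length=12):
        """Random alphanumeric code, as the post suggests generating."""
        alphabet = string.ascii_letters + string.digits
        code = "".join(secrets.choice(alphabet) for _ in range(length))
        self.set_code(username, server, code, now)
        return code

    def check(self, username, server, presented, now=None):
        """Pass/fail reply to the game server; expired codes fail."""
        now = time.time() if now is None else now
        entry = self._store.get((username, server))
        if entry is None or now - entry[1] > MAX_AGE:
            return False
        return hmac.compare_digest(presented, entry[0])
```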

Site Admin
Joined: Sun Dec 24, 2000 3:00 am
Posts: 3151
Location: USA
Unread post Re: Access-limited games
Of course, this gets away from "quick and easy". I'm interested in doing something that's reasonably easy to implement, if there's a chance it can improve the games. Too much work and it's quickly not worth it, because there's no guarantee this would even benefit the community.

I guess I'm not aware of all of the security implications. How is it different to have a special login on the forum for gaining access to a particular game, vs just logging in to the forum? Any security risk in the special login would also exist in the forum login. And once the forum code validated the user's login, TWGS could request a pass/fail for that user, maybe based on an ID for the server, whenever the user logs in. The player would not store any forum login info (other than username) on any server. I don't even think it would be necessary to validate an account with the server on every login, just the first.

Here's the procedure I'm thinking of:

1) Player connects to TWGS and opens a secure game
2) Player creates an account using his/her forum username and a password (not the same as the forum password)
3) Player is instructed to enter a web address into a browser to gain access to the game. TWGS provides a key that's specific to that server.
4) On the forum, a php script accepts the user's login, which includes the username, password, and TWGS key. It validates the login, then stores this username and TWGS key pair in a database.
5) When the player attempts to login to the game, he'll use the username and TW-specific password, no different from today's login. TW will post a request to the forum, passing the username and TWGS key. The php script will check the db for validation, then return pass/fail to TWGS.
6) If user validation passes, the player enters the game. If not, the player is denied entry.

This seems reasonably easy and straightforward to me. Where am I going wrong?

_________________
John Pritchett
EIS


Thu Jun 16, 2011 9:39 pm

Ambassador
Joined: Wed Apr 20, 2011 1:19 pm
Posts: 2559
Location: Oklahoma City, OK 73170 US
Unread post Re: Access-limited games
How about something simpler:

1) Player connects to TWGS and opens a secure game
2) Player creates an account using his/her forum username <no password>
3) Player receives a PM with their temporary password they can use to login to the game
4) Player can change the game password if desired after they login

_________________
Regards,
Micro

Website: http://www.microblaster.net
TWGS2.20b/TW3.34: telnet://twgs.microblaster.net:2002

ICQ is Dead Jim! Join us on Discord:
https://discord.gg/zvEbArscMN


Thu Jun 16, 2011 9:47 pm

Site Admin
Joined: Sun Dec 24, 2000 3:00 am
Posts: 3151
Location: USA
Unread post Re: Access-limited games
Does TWGS post an event to the forum that tells it to generate the PM?

This requires a bit more integration with phpbb than what I was thinking. I'm going to need to learn some phpbb integration to do this, I'm sure.

_________________
John Pritchett
EIS


Thu Jun 16, 2011 9:57 pm

Veteran Op
Joined: Thu Jun 02, 2005 2:00 am
Posts: 5558
Location: USA
Unread post Re: Access-limited games
MicroBlaster wrote:
How about something simpler:

1) Player connects to TWGS and opens a secure game
2) Player creates an account using his/her forum username <no password>
3) Player receives a PM with their temporary password they can use to login to the game
4) Player can change the game password if desired after they login


That is simpler, but that means that each server would need an account in the forum. That might cause some problems with the anti-spam system.



Thu Jun 16, 2011 10:11 pm

Ambassador
Joined: Wed Apr 20, 2011 1:19 pm
Posts: 2559
Location: Oklahoma City, OK 73170 US
Unread post Re: Access-limited games
John Pritchett wrote:
Does TWGS post an event to the forum that tells it to generate the PM?

This requires a bit more integration with phpbb than what I was thinking. I'm going to need to learn some phpbb integration to do this, I'm sure.


I would think it would be similar to how Jumpgate is posting to the WIKI, but I don't know how the WIKI or forum work.

_________________
Regards,
Micro



Thu Jun 16, 2011 10:13 pm

Ambassador
Joined: Wed Apr 20, 2011 1:19 pm
Posts: 2559
Location: Oklahoma City, OK 73170 US
Unread post Re: Access-limited games
Singularity wrote:
That is simpler, but that means that each server would need an account in the forum. That might cause some problems with the anti-spam system.


Someone could also use it to intentionally generate spam. Would need to make sure the user's IP is not used more than once per game.

_________________
Regards,
Micro



Last edited by Micro on Thu Jun 16, 2011 10:18 pm, edited 1 time in total.



Thu Jun 16, 2011 10:16 pm

Veteran Op
Joined: Thu Jun 02, 2005 2:00 am
Posts: 5558
Location: USA
Unread post Re: Access-limited games
John Pritchett wrote:
This seems reasonably easy and straightforward to me. Where am I going wrong?


Would that web address be part of TWGS or part of the forum? If it's part of TWGS, then it doesn't auth against the forum credentials. It also expands the scope of the server a bit.

If it's part of the forum, then how do the forum and server agree upon a common code in advance? How does the twgs server auth against the forums?



Thu Jun 16, 2011 10:17 pm

Veteran Op
Joined: Thu Jun 02, 2005 2:00 am
Posts: 5558
Location: USA
Unread post Re: Access-limited games
MicroBlaster wrote:
Someone could also use it to intentionally generate spam. Would need to make sure the user's IP is not used more than once per game.


IP verification is easy. Just store a hash of every IP address a person uses during "secure" games and reject any attempts to reuse an IP.

If the server was https, we could provide a server w/ a login/password and have it log in and send the messages itself. That would eliminate problems with spamming, and the process would be fairly locked down. It could be made to work, just generate a random password and PM that to a user's account.



Thu Jun 16, 2011 10:20 pm

Site Admin
Joined: Sun Dec 24, 2000 3:00 am
Posts: 3151
Location: USA
Unread post Re: Access-limited games
Singularity wrote:
Would that web address be part of TWGS or part of the forum? If it's part of TWGS, then it doesn't auth against the forum credentials. It also expands the scope of the server a bit.

If it's part of the forum, then how do the forum and server agree upon a common code in advance? How does the twgs server auth against the forums?


The web login is part of the forum, though it would be a custom php script added to the forum to support this functionality, but using the same methods that the forum uses for its own login.

TWGS provides an ID that is associated with the user's validation in a database. When the user logs in to TW, it passes this same ID in to the forum. The forum doesn't need to know anything about the server. It's a simple database lookup on the server ID and username to see if the validation record exists.

_________________
John Pritchett
EIS


Thu Jun 16, 2011 11:00 pm

Veteran Op
Joined: Thu Jun 02, 2005 2:00 am
Posts: 5558
Location: USA
Unread post Re: Access-limited games
John Pritchett wrote:
TWGS provides an ID that is associated with the user's validation in a database. When the user logs in to TW, it passes this same ID in to the forum. The forum doesn't need to know anything about the server. It's a simple database lookup on the server ID and username to see if the validation record exists.


I must be missing something. What prevents me from claiming to be someone else?

You're saying generate the same code between TWGS and the forum? How would that be secured?



Thu Jun 16, 2011 11:35 pm

Site Admin
Joined: Sun Dec 24, 2000 3:00 am
Posts: 3151
Location: USA
Unread post Re: Access-limited games
Ok, so you log in to a TW game under someone else's user name. TW tells you to login to the forum using your user name, forum password, and a TWGS ID. You go to the login and it asks you for your password. You don't have it. You're done.

On the other hand, suppose someone already created an account under this TW game for that username. You try to logon to TW under that user name, it asks you for a password, you don't know the password, so you're done.

The first step is creating a secure game account. The second step is generating a validation record on the forum by logging in with the TWGS ID. The third step is to log in to TW, TW verifies that a validation record exists on the forum for the game's ID.

What am I missing?

_________________
John Pritchett
EIS


Thu Jun 16, 2011 11:44 pm
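
The three-step flow summarized in the post above (the same procedure as the six numbered steps posted earlier in the thread), as an added example that is not part of the original posts or of TWGS: a Python model of both sides, in which the forum password goes only to the forum and the game server receives a bare pass/fail. `Forum`, `GameServer` and their method names are hypothetical, and hashing stored passwords with PBKDF2 is an assumption.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _matches(password, record):
    salt, stored = record
    return hmac.compare_digest(_hash(password, salt), stored)

def _new_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

class Forum:
    """Stand-in for the forum and its custom script (steps 4 and 5)."""
    def __init__(self):
        self._accounts = {}      # username -> (salt, forum password hash)
        self._validated = set()  # (username, game_id) validation records

    def register(self, username, password):
        self._accounts[username] = _new_record(password)

    def web_login(self, username, password, game_id):
        """Step 4: browser login; the game server is not in this path."""
        record = self._accounts.get(username)
        if record is None or not _matches(password, record):
            return False
        self._validated.add((username, game_id))
        return True

    def is_validated(self, username, game_id):
        """Step 5: pass/fail lookup that involves no password."""
        return (username, game_id) in self._validated

class GameServer:
    """Stand-in for TWGS: stores game passwords only, never forum ones."""
    def __init__(self, game_id, forum):
        self.game_id, self.forum = game_id, forum
        self._players = {}       # username -> (salt, game password hash)

    def create_account(self, username, game_password):
        """Step 2: the first account created under a username keeps it."""
        if username in self._players:
            return False
        self._players[username] = _new_record(game_password)
        return True

    def login(self, username, game_password):
        """Steps 5 and 6: local password check, then ask the forum."""
        record = self._players.get(username)
        if record is None or not _matches(game_password, record):
            return False
        return self.forum.is_validated(username, self.game_id)
```

Here the record ties a forum username to a game ID rather than to a specific game account, so it is the first-come rule in `create_account` that decides who holds that username in the game.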

Veteran Op
Joined: Thu Jun 02, 2005 2:00 am
Posts: 5558
Location: USA
Unread post Re: Access-limited games
Ok, so I'd log in and put that TWGS ID someplace in my forum profile for that game? And it would verify that it's there? That would work then.

You'll still need a module to manage those IDs, and with a system like that authorization would be server-wide rather than game specific (unless you expand the module to include games too). Will also need a way to add that information to someone's profile, or make it viewable by TWGS.



Thu Jun 16, 2011 11:51 pm

Site Admin
Joined: Sun Dec 24, 2000 3:00 am
Posts: 3151
Location: USA
Unread post Re: Access-limited games
Right. I'm just talking about creating a database table to store it. I don't think it has to be integrated with the forum. All I want from the forum is validation of the forum login, validation of the user account. This database would just contain the username and the TWGS ID. But yeah, the ID would need to be game-specific, not server-wide.

I can see this as being a bit of an issue. I would want the ID to be a manageable string. Nothing like a GUID or a long hash, because those would be too long, especially since it's not always easy to cut and paste from a TW connection. There can't be a collision between two games. So asking the player to key in a unique ID for a game might be a problem.

_________________
John Pritchett
EIS


Fri Jun 17, 2011 12:03 am