使用用户名和密码的TCP连接 [英] TCP Connection with username and password

问题描述

大家好，这是我第一次在这里发布任何问题.

因此，对于一台游戏服务器的TCP连接，我几乎不需要什么帮助，因此基本上，游戏服务器是Shell，并且具有通过使用3443端口但使用USERNAME和PASSWORD进行连接来使用远程配置的配置.有什么可行的方法吗?

解决方案

是的，但严格来讲，它不是TCP.可以通过以下方式考虑解决此类问题的方法:通过TCP创建另一个协议，application layer:
之一 http://en.wikipedia.org/wiki/Application_layer [ http://en.wikipedia.org/wiki/Public-key_cryptography [ http://en.wikipedia.org/wiki/Cryptographic_hash_function [ http://en.wikipedia.org/wiki/HTTPS [ http://en.wikipedia.org/wiki/Secure_Sockets_Layer [以安全的方式存储密码值int sql server [ ^ ]，
解密加密密码 [我已经加密了我的密码，但是当我登录时却出现了错误.如何解密 [ ^ ] .

顺便说一句，请记住，您的自定义连接可能不会通过防火墙.想一想.

—SA

S克雷科夫给出了全面的答案.我只想加一点...

我强烈建议您使用PKCS#5标准来实现基于密码的身份验证.

参见 http://www.rsa.com/rsalabs/node.asp?id=2127 有关详细信息，请[ ^ ].

Hello everyone, this is my first time i post any question here.

So I need little help with TCP connection for one gaming server, so basically gaming server is shell and has configs to make it using remote by connecting on 3443 port but with USERNAME and PASSWORD. Is there any possible way to do it? And if it is would someone like to help me?

解决方案

Yes, but it won''t be TCP, strictly speaking. The approach to such things is considered in the following way: you create another protocol over TCP, the one of the application layer:
http://en.wikipedia.org/wiki/Application_layer[^].

And this protocol could be custom or standard (see the list on the article referenced above), but it should have provisions for your username/password. There is always an application layer of the protocols on this layer, even if you don''t call it a protocol, but you better do.

Now, in this feature, there is nothing going beyond just one TCP connection. Two parts of connected hosts exchange messages in dialog-like manner.

Now, the authentication itself is a big security issue. If a user sends a password directly, it always can be eavesdropped. If your service host stores the passwords in their original form, someone can steel them. But password belongs only to a user who created it; no one, even the administrator, has no right to know passwords. Are these problems resolvable? This is very non-trivial question, but the answer is: yes!

(In fact, passwords should never be stored. This is absolutely not needed for authentication. If you are surprised, keep reading.)

There are somewhat different approaches, but the most usual approach is based on the combination of two encryption technologies:
http://en.wikipedia.org/wiki/Public-key_cryptography[^],
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].

You dialog should resemble the dialog between Alice and Bob explained in the first article referenced above. Your service and client parts should create a brand-new pairs of keys each in every authentication act. This way, even of someone permanently listens to the packets being sent/received, it cannot make it possible to impersonate the client. This is basically similar to how HTTPS with SSL work. And second technology allows to avoid sending any password in their original form through the network at all.

See also:
http://en.wikipedia.org/wiki/HTTPS[^],
http://en.wikipedia.org/wiki/Secure_Sockets_Layer[^].

On the topic of password storage and hash functions, please see my past answers:
storing password value int sql server with secure way[^],
Decryption of Encrypted Password[^],
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^].

By the way, keep in mind that your custom connection might not pass firewalls. Just think about it.

—SA

S A Krykov has given a comprehensive answer. I just want add one point...

I strongly recommend that you use PKCS #5 standard to implement password based authentication.

See http://www.rsa.com/rsalabs/node.asp?id=2127[^] for details.

这篇关于使用用户名和密码的TCP连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！