player.ip ... sort of

napo_p2p · #1 03-01-2009, 09:52 PM

I know player.ip has been requested before, and turned down because of security concerns. However, I have a little twist to it. Most scripters who want player.ip need it to do comparisons. Would it be possible to have a variable that contains a hashed version of the player's IP? This would still allow scripters to do IP comparisons, without having the "risk" of exposing IPs to the wrong people.

Chompy · #2 03-01-2009, 10:06 PM

TServerPlayer.ipaddress

Already exists, just needs to be enabled on the server.

For some reason though, you could give R rights to accounts/*/* (NPCServer) and read player's files for their ip, but yeah.

Some way to have ip comparisions would be handy.

Crow · #3 03-01-2009, 10:16 PM

Having a hashed ip would be just as awesome as having the ip itself, yup. I support this.

Inverness · #4 03-01-2009, 10:39 PM

I think having a hashed IP is just playing into the irrational fear that people have with IP addresses.

cbk1994 · #5 03-01-2009, 10:45 PM

Quote:

Originally Posted by Inverness

I think having a hashed IP is just playing into the irrational fear that people have with IP addresses.

Indeed, but it's better than nothing.

I actually requested the same thing a while back.

DustyPorViva · #6 03-01-2009, 11:06 PM

Quote:

Originally Posted by Chompy

TServerPlayer.ipaddress

Already exists, just needs to be enabled on the server.

For some reason though, you could give R rights to accounts/*/* (NPCServer) and read player's files for their ip, but yeah.

Some way to have ip comparisions would be handy.

In the server rules -- servers aren't allowed to do that.

Inverness · #7 03-01-2009, 11:10 PM

Quote:

Originally Posted by DustyPorViva

In the server rules -- servers aren't allowed to do that.

*inappropriate gesture*

Chompy · #8 03-01-2009, 11:28 PM

Quote:

Originally Posted by DustyPorViva

In the server rules -- servers aren't allowed to do that.

For crying out loud, can't we just get a hashed ip address stored in a variable that we can use Stefan?

This is getting weird.

WhiteDragon · #9 03-01-2009, 11:53 PM

Well, the argument is that players should not be able to be identified by anything outside of their account (files, ip addresses, pcids).

No idea why though, it's kind of stupid.

Tigairius · #10 03-02-2009, 12:55 AM

Well, this will get turned down for the same reason that the last requests will: you can store the information to compare people who use the same account; for example: People who have a secret identity will be able to be discovered with this method.

Admins · #11 03-02-2009, 12:56 AM

Can add the hashed ip-address yes.
The main concern is that the ip-address can be used to identify people on the internet (e.g. webserver logs) and you could even do DDOS attacks against people if you know the address, that's why it shouldn't be that easily accessible. It's possible right now for staff to see it (although we might disable that sometime), but if scripts could use them then they would be saved in many different places and the privacy would basicly be dead.
It would be good if servers are only using the hashed ip-address for protection against hackers or so, not for normal identification purposes (most people don't have fixed ips anyway).

Frankie · #12 03-02-2009, 01:10 AM

Quote:

Originally Posted by Tigairius

Well, this will get turned down for the same reason that the last requests will: you can store the information to compare people who use the same account; for example: People who have a secret identity will be able to be discovered with this method.

yeah, this would be dumb.

people like to go on alternate accounts and play the game as a different identity. then you have the ***** on RC who starts trying to figure out who it is then tells everyone when he matches the IP. no fun in it if everyone knows who you are ;[

zephirot · #13 03-02-2009, 01:56 AM

Quote:

Originally Posted by Stefan

Can add the hashed ip-address yes.
The main concern is that the ip-address can be used to identify people on the internet (e.g. webserver logs) and you could even do DDOS attacks against people if you know the address, that's why it shouldn't be that easily accessible. It's possible right now for staff to see it (although we might disable that sometime), but if scripts could use them then they would be saved in many different places and the privacy would basicly be dead.
It would be good if servers are only using the hashed ip-address for protection against hackers or so, not for normal identification purposes (most people don't have fixed ips anyway).

Then it's all good, I'm pretty sure most of the Graalian community don't even know what a ddos is.

WhiteDragon · #14 03-02-2009, 03:19 AM

Quote:

Originally Posted by zephirot

Then it's all good, I'm pretty sure most of the Graalian community don't even know what a ddos is.

And even those who do wouldn't have the vast resources required to pull one off.

Admins · #15 03-02-2009, 05:59 PM

Quote:

Originally Posted by WhiteDragon

And even those who do wouldn't have the vast resources required to pull one off.

Well the DDOS thing is a problem on XBox live already where people use it to lag the opponent.