Matcher in C++?
Closed this issue · 4 comments
Thanks for sharing the project Glenn!
Just curious: why is the matcher written in Go? Is there a C++ version somewhere?
Also, does the library support secure transfer of password over the network and storage of hashed (salted) password locally?
Just in golang because it's faster to code web services in that language. Yes, transfer is secure (encrypted and signed). I don't have support for salted passwords locally, but use a token system. Crypto behind my library is: https://github.com/jedisct1/libsodium and it probably supports what you need.
Thanks for the quick reply. Can you share a few words why do we need web services in the first place?
The C++ server could have a matchmaker lobby integrated, or would that introduce attack opportunities?
The security model for netcode (and yojimbo, which uses netcode) requires that you have your own backend where you can generate a token. This token is used for client -> server connection authentication, basically ensuring that only clients that received a token from your backend can connect to your server.
It doesn't matter what language your backend is written in, but you do need one. Having a system where clients can connect directly to a server hosted somewhere is just asking for zombie clients and DDoS....
So the flow is, your client requests a match from your backend (matcher is standing in for this in examples).
Matcher gives a token to your client.
Client takes that token and uses it to connect to the server (it is self contained).
Server verifies token is cryptographically valid, eg. was generated by your backend with your private key, if so lets the client connect.
Client and server can now communicate securely across UDP (signed and encrypted packets).
Server should not be in the hands of your customers. The server should be run on a dedicated secure server somewhere, controlled by you...
If these things don't sound like what you want to do, yojimbo and netcode are not the library you want to use.
cheers