logging - Java Encrypting logs -


i making game. have build logging facilities internally, , there message types general, log, exception, send, receive, debug.

the send , receive logs contain raw logging information, contain send on network.

the game uses client-server model , uses ssl connection such network information cannot altered. logging logging text plain text, , cause trouble. plan on masking (by *'s) personal information (like passwords, etc.)

however have few concerns:

  • the client program contains truststore use ssl , server's hostname/ip , port not secret either. if person knows send on network, can act client, right?
  • if person can see client sends , receives, might able make bot easily. (the game turn based 2d game, relying on network data should able play game think. there no skill mouse required in way.)

so in all: how can still log information , write file, without else being able read, modify or use in way?

all comments appreciated, , appreciate concrete suggestions how implement such system.

regards.

if you're worried encrypting data on server, easiest solution whole-partition encryption program truecrypt - protect server data if steals machine / hard drive.

if you're encrypting data on client's machine, means encryption key must somewhere on client's machine (even if it's in main memory). go ahead , encrypt or obfuscate log information make more difficult users read it, aware user still able read if (s)he puts enough effort it. said, best way obfuscate data encrypt key never saved disk - example, when user logs in send them fresh encryption key client app use encrypt log data; on server, keep record of keys you've sent client , @ utc timestamp. store logs unencrypted timestamp, when user's client app sends log data you'll know key use decrypt it. user can change timestamp, equivalent user deleting log data machine (which can't prevent); meanwhile difficult user figure out key used encrypt data, it's not easy user read or forge log data (but again, user can read / forge log data if put enough effort it).

you can take steps obfuscate encryption key in memory e.g. storing in multiple pieces. example, assuming you're using aes 128, can store key in 2 64-bit chunks concatenate before encrypting data, wiping concatenated key memory you're done it. or can store 2 128-bit keys xor'd together, again wiping xor'd key memory you're done it. dedicated user can still figure out key, make bit more difficult them.

another step can take use encryption algorithm besides aes, e.g. of other aes finalists twofish or serpent (don't implement own encryption algorithm, you're better off broadcasting you're using strong algorithm aes using weak obfuscated algorithm). remember obfuscate encryption library's class , method names make more difficult user figure out encryption algorithm you're using. (this more effective if you're compiling machine code - it's not worth if you're using java, because user can decompile code , use own decryption code decrypt log files.)

in terms of figuring out if player human or bot, not games greater budgets yours able reliably - can boot user or send them sort of captcha if exhibit "bot-like" behavior, isn't fool-proof, , ought favor not annoying legitimate users on booting bots.


Comments

Post a Comment

Popular posts from this blog

blackberry 10 - how to add multiple markers on the google map just by url? -

i have android application, want convert blackberry 10 , google map needed in app,but blackberry 10 not support googlemap , blackberry developer web site supply way replace it.the sample below: @override public void oncreate(bundle savedinstancestate) { super.oncreate(savedinstancestate); setcontentview(r.layout.main); webview webview = (webview) findviewbyid(r.id.mywebview); webview.getsettings().setjavascriptenabled(true); webview.loadurl("http://maps.google.com/?ll=36.97, -122&lci=bike&z=13&t=p"); } i cannot understand it,i not know how add multiple markers on googlemap via url? can me? this worked me map shown in webview.
Read more

php - guestbook returning database data to flash -

i've been struggling problem long , unable make work, hope can me it. first, know php files correct , mysql database works fine. in flash, able submit comment database comments not display. did many tests such making returned_database flash separately , worked fine - can see old comments. long combine submitting 1 , returning 1 together, flash doesn't show comments more. put lower version flash effects on frame thinking doesn't collaborate returning flash, submitting flash works fine. since pretty complex problem hard me copy actionscript code because on different frames in flash. if has ideas fixing maybe can send file you?
Read more

delphi - Dynamic file type icon -

i want register file type in windows , make program delphi draw icon of file according contents (something custom icon format). how can this? thanks nortd , user539484 comments, searched internet "shell icon handler delphi" , found sample here , , shell+ components has component this.
Read more