[MumbleLink] Security questions
Regarding security: If you use the concept of a “shared key”, “stealing” data is pretty impossible – this was also one of my concerns. Regarding maths’n’stuff, have a look at mine and Heimdall’s repos over here (or this thread too):
https://gw2apicpp.codeplex.com/ (C++ Mumble link part)
https://gw2apicpp.codeplex.com/SourceControl/latest#GW2API_Upload/Gw2Maps/Position.cpp
//Avatar View
sprintf_s(num, NUM_SIZE, "%s%d,", J_AVATAR_FRONT, mod((atan2(image.fAvatarFront[2], image.fAvatarFront[0])*180/PI), 360));
https://github.com/codemasher/gw2api-tools/blob/master/examples/gw2location-receiver.php (receiver for the Mumble link data)
https://github.com/codemasher/gw2api-tools/blob/master/sql/gw2_player_pos.sql (SQL database schema)
https://github.com/codemasher/gw2api-tools/blob/master/examples/gw2location.html (web frontend)
https://github.com/codemasher/gw2api-tools/blob/master/examples/gw2location-ajax.php (ajax part of the web frontend)
(edited by smiley.1438)
Thank you for your answer. Heimdall has contacted me by PM also (I wrote back yesterday).
The purpose of my overlay is exactly to view multiple groups/all groups on a map. Thus I just want the player to select a color and he/she is done. “Shared Keys” are a good solution for closed groups but not for my purpose I think.
So the secret key is in my case the not so secret worldId + mapId. If I can have those two by the Mumble link always correct (no worldId in WvW/on Overflow) and I can assure it cannot be faked (my second point about the fingerprint), there would be no need to even interact with the overlay at all.
Can I please ask a developer to look into those issues? As long as the worldId is not set everywhere or I can get the Home WorldId, and as long as there is no way to verify the MumbleLink data is actually really from GW2, I cannot release my overlay.
Thank you and Greetings,
Gil/Comes Mors
- Register user
- Give user unique key
- Let user input that in the position program
- Players with admin rights to the relevant group(s) can add him via username
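
One way a receiver could implement the four steps listed above, as an added example that is not part of the original thread or of the linked repositories. It is written in Python; the function names, the in-memory stores, the sample usernames and the HMAC-SHA256 tag are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

USERS = {}   # username -> per-user key (hypothetical in-memory store)
GROUPS = {}  # group name -> {"admins": set of usernames, "members": set}

def register(username):
    """Steps 1-2: register the user and issue a unique random key."""
    if username in USERS:
        raise ValueError("username taken")
    USERS[username] = secrets.token_hex(32)
    return USERS[username]

def _tag(key, body):
    return hmac.new(bytes.fromhex(key), body.encode(), hashlib.sha256).hexdigest()

def sign_update(username, key, position):
    """Step 3, client side: the position program tags each update with the
    key instead of sending the key itself."""
    body = json.dumps({"user": username, "pos": position}, sort_keys=True)
    return body, _tag(key, body)

def accept_update(body, tag):
    """Receiver side: accept an update only if the tag matches the claimed
    user's key. This authenticates the sender; it does not prove that the
    position values came from the game client."""
    try:
        claimed = json.loads(body)
        key = USERS[claimed["user"]]
    except (ValueError, KeyError, TypeError):
        return None
    ok = hmac.compare_digest(_tag(key, body).encode(), tag.encode())
    return claimed if ok else None

def create_group(group, admin):
    GROUPS[group] = {"admins": {admin}, "members": {admin}}

def add_member(group, admin, username):
    """Step 4: only an admin of the group may add a registered user."""
    g = GROUPS.get(group)
    if g is None or admin not in g["admins"] or username not in USERS:
        return False
    g["members"].add(username)
    return True

def can_view(group, viewer):
    """Positions in a group are shown to its members only."""
    return viewer in GROUPS.get(group, {"members": set()})["members"]
```

The tag does not stop a captured update from being replayed; a timestamp or counter inside the signed body would be needed for that.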