@gamesilo7515
I honestly don't know how i discovered this channel now ? How could i miss it this whole time ? This is pure gem. Thank you sir.
@robinsonlew4467
Although each video is less than an hour, it makes me half a day to consume it. I'm sure the time you spend on each video must be more than several days. Thank you very much javid!
@danbopes6699
I think it would have been awesome if you mentioned that this handshake is also a good way to prevent against DDoS attacks.
A lot of server apps now take advantage of cryptographic functions to prevent against DDoS attacks, by having the client do a fairly process intensive task (Like sit in a tight loop, processing hashes), that is extremely simple for the server to validate (Essentially what crypto-chains use).
ie. Provide the client with an initial seed # (serverSeed) randomly generated, and a complexity #. Next, the client takes the initial seed #, and begins to process thousands of hashes (Which entirely depends on the complexity #):
The client starts a loop:
for (var i = 0; i < int32.MaxValue; i++) {
var result = sha256(initialSeed + "|" + clientInt)
// Next we look at the number of zeros that the seed starts with
if (result.substring(0, complexityNumber) == "00000...complexityNumber") {
//We found a sha seed that starts with the number of 0's required in order to authenticate
completeHandshake(clientInt); // Pass this clientInt back to the server
}
}
The server then can really simply calculate one SHA256 hash:
sha256(initialSeed + "|" + clientInt)
// If the hash generated here, meets the complexity, allow the connection, otherwise simply discard it/block the connection.
The client then does a tremendous amount of work to connect, thus stopping the server from wasting a ton of resources on processing connections. A quite ingenious way: If the client takes 200ms to generate this seed, for someone to DDoS, 200ms is an absolute nightmare, which will overwhelm their systems before they can do any damage to yours.
@onogrirwin
best video on the internet so far this epoch.
@Salehalanazi-7
Reminder that he has a Patreon
@Dave_thenerd
5:47 It's worth mentioning that if you're developing for Windows there is a Windows Kernel specific Condition Variable type and Memory Barrier type which in combination both prevent spontaneous wake up and dead lock (in this scenario). std::condition_variable is not 100% guaranteed and std::memory_barrier [in C++ 20] are both generalizations and don't have real kernel-based implantations (Windows and IBM's Zos are the only OSs which have memory barriers in the kernel at the moment) so they will not prevent spontaneous wake up or dead lock 100% of the time but like 90% of the time) An adaptor pattern with Windows specific code would make this a super stable server.
@contentnation6108
I think the scambling function as a stub for a connection handhake is fine for a tutorial series. But nothing that should be used in production. You never ever should rely on security by obscurity ("secret code" that is in the client application). Better would be an open protocol with good cryptographic authentication (like per user unique username/password over tls), but this would be too advanced for a tutorial like this. So make a remark, leave it in and go on ;)
@germandiago2193
Go ahead javidx9. You are the single best ever person I have seen at explaining non-trivial programming topics.
@JoshRosario310
Epoch caught me off guard 🤘
@VmsCentral
@javidx9 25:30 forward declaration is unable here according to used method OnClientValidated of server_interface at 23:27 of video. Yes, one of project can use only forward declaration but second required including of header with server_interface class.
@drew21t
Guys you've got to realize that this is a simple approach to client validation and isn't by any means what you should use. He's, like always giving you something you can work with. If you're looking for actual approaches to doing proper client validation, you want to look at implementing a login process using some sort of key system with a database like any other authentication process in application development does. Keep in mind that there isn't a single mmo out there that you don't type in some sort of authentication credential into before logging in to the game. His process is just a good starter for you to look at expanding upon. I assume so that he doesn't have to host the infrastructure to do proper authentication etc, which I feel because who wants to host more than they have to.
@mohammade.8770
The Legend strikes again ♥️♥️♥️
@williamokano
You can't imagine how anxious I was waiting for this part 3 😂. Waiting for the MMO implementation and furthur tweaks
@_syedmx86
"Bonjour" "Yo" Very nice
@douggale5962
I almost suggested using an asymmetric public key algorithm to exchange keys and become immune to man in the middle attacks - then I realised, the attacker has complete control over the client, they can do their hacks before the encryption and defeat that as cheat prevention. Anti-cheat must be done primarily on the server, where attackers have no control over it.
@palerider2143
You’re teaching the next generation man
@zuhail339
My go-to for C++ ♥️
@manas_singh
I had been waiting so long
@bill_codes
From the EPOCH till the break of dawn and so on ...∞
@javidx9