so I created a simple website with a signup and login function. I’m saving the accounts on my webhosting inside a MySQL Database.
When i login from my UE4 PIE it all works except the password isn’t encoded when sending to the PHP file and i’m not sure if this is a good idea to have the accounts on a MySQL Database, online.
How does the big companies save all the accounts? Also inside a MySQL Database and not on the “Game Server” ? I don’t know if i should save the players by using Save Game or if i should use the MySQL Database.
The way I’ve done it with my game is as follows:
- [Server]: Password is stored as a sha256 hash that is generated using “[realpassword]+[salt]” where [realpassword] is the real password and [salt] is a random 2048 character string.
- [Server]:The password is never stored in clear text, database or otherwise
- [Communication]:The request for login sends the username and the clear password to the server. The salt is pulled from the database and a new hash is created using “[userSuppliedPassword]+[salt]”, and is checked against the hash stored in the database. (ideally you would want this communication to be done via HTTPS instead of plain HTTP)
- [Client]: The user is ever only allowed to save their username, using UE4’s built-in save game system. The password has to be re-entered every time the game starts up.
In PHP, you can hash a password with a salt as follows:
$password = ""; // this will be the user-supplied CLEARTEXT password $salt = ""; // whatever you want, more characters = more secure $hash = hash("sha256", $password . "+" . $salt);
Yes, i guess you didn’t understood my question.
You hash the password between “Input” and the database.
I want to hash the password between the GAME and the PHP.