Forum

Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 54
  1. #16
    Join Date
    December 2009
    Location
    X
    Posts
    35
    Quote Originally Posted by Seoman View Post
    Well, first time i hear of this. I found the option to request a higher level but how does this work? What is the highest level?
    If I understand it correctly, the leveling is completed by computing a very time consuming mathematical formula based on your identity's unique ID.

    Slight math example. I'm sure many people have studied the factorials, but here's a quick review:

    Let's say 1! = 1 as a base rule. Now for any n greater than 1, let n! = n * (n-1)!

    This means the following:

    1! = 1
    2! = 2 * 1! = 2 * 1 = 2
    3! = 3 * 2! = 3 * 2 * 1! = 3 * 2 * 1 = 6
    4! = 4 * 3! = 4 * 3 * 2! = 4 * 3 * 2 * 1! = 4 * 3 * 2 * 1 = 24
    5! = 5 * 4! = 5 * 4 * 3! = 5 * 4 * 3 * 2! = 5 * 4 * 3 * 2 * 1! = 5 * 4 * 3 * 2 * 1 = 120

    Now this may seem trivial to compute, but once you get into very large numbers, it will take a computer longer to calculate it (unless caching is used, and even then it may still take longer as the size of the numbers increase, but this is beyond the scope of this example). The important thing to note here is that it takes much longer to calculate larger numbers. So calculating 1 to 5 will be practically instant, but 50 to 100 may take an incredibly long time, increasing the time needed more and more as you increase the number to compute.

    Now the TS3 algorithm is much more complicated than this one, but it's the same basic idea. It takes a short amount of time to level up to Security Level 10 and calculate the needed formula. It takes longer to calculate the needed value to obtain Security Level 20. It takes even longer to calculate to Security Level 30, and so on.

    A server can roughly determine how long it should take a person to level their account to gain access. Level 30 means a person has to have the account for about a day or two, I think, depending on how energetic he is to level it, and a number of other factors. Level 50 would mean an incredibly much, much longer time to level.

    Quote Originally Posted by Seoman View Post
    And when Joe Moron could join the server with identity 1 i am sure he is able to join with 2 too cause all identities have security level 9, arent they?
    It depends on how high you set the Security Level for him to join. You are correct about the fact that accounts start at a base level greater than 1, but my example assumed that Joe had set his first identity to a higher level than the base level, although I may not have mentioned this explicitly. If I didn't state this, I should have.

    Quote Originally Posted by MaXXimus View Post
    DavidC99 makes a somewhat valid point that some servers are public and I think by default most servers are security level 8... or at least the one's I have been in. So if Joe Moron comes into my public server and causes a problem, I can raise the required security level to 9 and now Joe Moron has to take the few seconds required to level up before he can come back in.
    You probably want to go more than just one level above the base value, but yes, you're right in principle.

    Quote Originally Posted by MaXXimus View Post
    But this is where I think the security level is somewhat moot across the board, because if the server gets hammered by a group of Joe Morons and they keep increasing the security level... at some point the users that frequent that public server are gonna say "to heck with this" because I have to keep raising my security level each and every time this happens, plus my buds who want to come here for the first time need to take 10x the amount of time to level up.
    The users who frequent the server don't have to keep doing it that much. If you're hardcore about it, just take the time to level up by leaving TS3 open, not connected to a server, all night leveling by itself. If you're going to work in the morning, leave it open all night and then all day while you're gone. If your computer is a monster, then you could just keep it going while you're online and using TS3, too.

    You can obtain a good level and you only need to maintain the one identity. After all, the Joe Moron types of people have to keep leveling from the base value every time they get banned and want to enter the same server. People who don't cause trouble can simply keep leveling without starting from scratch. The general population can increase their level over time while others can't.

    I understand that this system is not perfect to eliminate the bad people entirely, but it's a compromise to keep public servers just a little bit more less bothered. In the TS2 setup, there wasn't much you could do to keep people out of a public server except for bans on IP. This is an improvement, in my opinion. It's definitely an interesting element.

  2. #17
    Join Date
    December 2002
    Location
    The Netherlands
    Posts
    14
    if teamspeak 3 is heading over to the more public servers i don't know if game clans should use teamspeak 3.... They should stay at TS 2 or move on to another VOIP program...

    As i've read here teamspeak has become in-usable for clans because they need a secure environment to talk to each other without others that can interfere...

    and NO a general password is not enough to protect clans nor are tokens...

    and if passwords are not that secure... why not integrate the tokens to the password protected rooms... they only have a password...not even a username

    Who sais that if i write down my passwords in a book is more secure then a exported INI file on a USB disk....

  3. #18
    Join Date
    December 2009
    Location
    X
    Posts
    35
    Quote Originally Posted by Dutch_com_freak View Post
    if teamspeak 3 is heading over to the more public servers i don't know if game clans should use teamspeak 3.... They should stay at TS 2 or move on to another VOIP program...
    All they are doing is making public servers more manageable. This doesn't change how they work for private usages in that regard. Nevertheless, the GUID system they are using is actually a security improvement at present over the old account system.

    Quote Originally Posted by Dutch_com_freak View Post
    As i've read here teamspeak has become in-usable for clans because they need a secure environment to talk to each other without others that can interfere...

    and NO a general password is not enough to protect clans nor are tokens...
    The usage of a general password is shared by TS2 and TS3, and therefore matters little in this context.

    The token system is actually more secure than using passwords, provided that the users know how to protect their TS3 identities. Even if they don't know how to protect it, if you are using TS3 on a private machine, you are almost guaranteed to be kept safe.

    Guessing passwords is possible. Guessing tokens is also possible. Tokens do not always exist for each person on the server. There is very little ability to tell when a token is available to be brute forced, plus they are generally much more stronger than the average user password by a vast amount. Passwords, however, are always available on a server in some form to be guessed. Therefore, the token system is more secure.

    Besides, if a general password isn't enough to keep a clan protected from intruders, why would you think that passwords to server admin accounts would be better? In the former case, all you've given away is access to connect, which can be remedied. In the latter case, you've given complete access over your virtual server, which could be disastrous. It doesn't seem like you've thought this thing through.

    Quote Originally Posted by Dutch_com_freak View Post
    and if passwords are not that secure... why not integrate the tokens to the password protected rooms... they only have a password...not even a username
    How would that improve anything?

    Quote Originally Posted by Dutch_com_freak View Post
    Who sais that if i write down my passwords in a book is more secure then a exported INI file on a USB disk....
    You can write down the contents of the INI in a book, too. You can write a password in an INI file. What's the point?

  4. #19
    Join Date
    December 2002
    Location
    The Netherlands
    Posts
    14
    OH comonn!... we are not trying to secure a bank.... its just teamspeak.... so what if someone messes about with the settings?.... ill put em back again via web-admin or even telnet...

    BTW... in all the time i have run teamspeak i have had this 1 once (on more then 7 years...) and only because a SA was dumb enough to give the SA to someone of the public....

    Clans (eg. we) just want complete control over who can and who cannot login to our server this system is not good enough... if you have more then 100 members and give out the password to that 100 members they can connect but who is going to tell you they are not giving out that password to anyone else.... and WHO gave it? with an account system you can tell who did that

    i dont see this token thing rising up high for clans.......if there used this way... id suggest running them both next to each other so you do have separate logins and keep the security with tokens for SA's and not bind it to the username and password... and sure they can give out there usernames and passwords... but we will know who did that and we can disable this account without needing to send everyone a new password over and over again.... and i know what will happen next people start to feel kicked/left out because they did not know the password has changed...

    again the system now is maybe good for public servers not for clan servers


    oh btw...
    Quote Originally Posted by DavidC99 View Post
    You can write down the contents of the INI in a book, too. You can write a password in an INI file. What's the point?
    The book does not travel to other computers

    Quote Originally Posted by DavidC99 View Post
    How would that improve anything?
    because you say passwords are not secure enough... im sure saving this with a token would be much safer :P


    If this token system was any good many forums would already be transferring to this system but they are not
    Last edited by Dutch_com_freak; January 3rd, 2010 at 11:42 AM.

  5. #20
    Join Date
    December 2009
    Location
    X
    Posts
    35
    Quote Originally Posted by Dutch_com_freak View Post
    OH comonn!... we are not trying to secure a bank.... its just teamspeak.... so what if someone messes about with the settings?.... ill put em back again via web-admin or even telnet...

    BTW... in all the time i have run teamspeak i have had this 1 once (on more then 7 years...) and only because a SA was dumb enough to give the SA to someone of the public....
    If you don't care about someone wiping out your server settings, then I'm not sure why you're asking about security in the first place.

    Quote Originally Posted by Dutch_com_freak View Post
    Clans (eg. we) just want complete control over who can and who cannot login to our server this system is not good enough... if you have more then 100 members and give out the password to that 100 members they can connect but who is going to tell you they are not giving out that password to anyone else.... and WHO gave it? with an account system you can tell who did that
    Now you're worried about your clanmates being untrustworthy?

    Quote Originally Posted by Dutch_com_freak View Post
    i dont see this token thing rising up high for clans.......if there used this way... id suggest running them both next to each other so you do have separate logins and keep the security with tokens for SA's and not bind it to the username and password... and sure they can give out there usernames and passwords... but we will know who did that and we can disable this account without needing to send everyone a new password over and over again.... and i know what will happen next people start to feel kicked/left out because they did not know the password has changed...

    again the system now is maybe good for public servers not for clan servers
    Adding accounts only ruins the point for having the token authing in the first place.

    The token system is mainly meant for the granting of permissions and status, not for entering channels. The leveling up is used to keep troublemakers out of public servers. That's about it. If you want to keep people out, use a password on the server and find members who you can trust.

    Quote Originally Posted by Dutch_com_freak View Post
    oh btw...


    The book does not travel to other computers
    It could still travel to other people's hands.

    Quote Originally Posted by Dutch_com_freak View Post
    because you say passwords are not secure enough... im sure saving this with a token would be much safer :P
    The TS3 team could allow access to channel's through the ID system, however, this requires separate status checks for channel permissions to join. It is much less work simply to password channels.

    Quote Originally Posted by Dutch_com_freak View Post
    If this token system was any good many forums would already be transferring to this system but they are not
    This only indicates ignorance. Here are only two problems with your assertion:

    1. Forums aren't the indication of success. Forums are always known to have weaknesses in the password area. Just because forums do something doesn't mean it's good for everyone. Public forums are also in a weak position versus spam, which is why they force people to register with so much information, and why they have an anti-spam feature in many of them.
    2. Forums can't quite implement a safe and efficient GUID system. How do you expect a forum to implement this GUID system? This requires something unique about each user. Do you reasonably expect a website to be able to perform efficiently such calculations and obtain knowledge of the internals of your computer system? Do you think people would be willing to put up with this type of needed ambiance to put up with a forum? I think not.

  6. #21
    Join Date
    January 2010
    Location
    United States
    Posts
    30
    In regards to nickname stealing, I think I've come with a good solution that favors both those who like the identity system and those who prefer a registration system.

    My feature suggestion topic for it is here: http://forum.teamspeak.com/showthread.php?p=214058

    Kind Regards,

    Haku

  7. #22
    Join Date
    December 2002
    Location
    The Netherlands
    Posts
    14
    Quote Originally Posted by DavidC99 View Post
    If you don't care about someone wiping out your server settings, then I'm not sure why you're asking about security in the first place.
    On ts2 what could the possibly do when they had sa... remove registration? delete/alter channels... wow...


    Quote Originally Posted by DavidC99 View Post
    Now you're worried about your clanmates being untrustworthy?
    Yes....?


    Quote Originally Posted by DavidC99 View Post
    If you want to keep people out, use a password on the server and find members who you can trust.
    mate... you have nu clue about running clans... peoples opinions always differ etc. People leave the clan people sometimes even get forced to leave the clan...


    Quote Originally Posted by DavidC99 View Post
    It could still travel to other people's hands.
    Not it it stays on the desk and the USB stick is meant to travel to other computers (exporting of accounts) the book is just a reference to get back to when u forgot it... nearly never opens


    Quote Originally Posted by DavidC99 View Post
    The TS3 team could allow access to channel's through the ID system, however, this requires separate status checks for channel permissions to join. It is much less work simply to password channels.
    That u said was an insecure method....

    I still think letting everyone just go and connect to the server is a bad thing... you don't want your bad neighbor sit in the hallway just to see what happens.... name stealing just would not happen when its back to normal accounting system.... people would be carefull to mess around with there account...

    Just one more thing.....if somehow the client cant save its data to the file where the token etc is saved the TS client reports an error and all settings inc token are gone... (happened more then once to same or different members already) this means... new token... all settings gone... re-importing token does not work at the time then... this would have never happened when you had passwords.... ok he could have forgotten his password.. but i could reset that... and he could just re-enter it and done... the token system then requires me to remove all his rights and recreate them....And...if you look at tokens closely you find out that (admin) tokens and passwords work exacly the same on connecting... the only thing missing is the Username
    Last edited by Dutch_com_freak; January 4th, 2010 at 10:37 AM.

  8. #23
    Join Date
    January 2010
    Location
    Iowa
    Posts
    3
    I have to agree with allot of what Dutch_com_freak is saying. I run a clan server. I have only been running TS3 for a couple weeks now, and just barely understand the basics of running it. I have already had to deal with someone mimicking an others name, and I have not been able to find a way to prevent that from happening. Game playing clans can sometimes get into some rather childish fights, this can happen within the clan, or even with other clans. I've seen grown men act like 2 year olds over game play. I am sure many of you have witnessed the same. Now when you have a member that throws a tantrum, and decides to disrupt things, allowing this member the ability to change a name to mimic another member within the clan and stir things up more is just silly. There needs to be a way to tie a user name to an account, and not allow another user to mimic an others user name. This is just one example of someone having a bad day. It's going to happen, it's going to cause clans to look for other voice servers. I am not arguing with the current system of security, it's simply the current system of identity that is lacking.

  9. #24
    Join Date
    November 2004
    Location
    Germany
    Posts
    74
    Well, it's up to the administrator on giving someone rights (like putting him to the "Normal" group so he's no longer "Guest") to give him a DESCRIPTION, too. This description is bound to his ID so everyone can see description does not match nickname.
    So if Peter Maggot alias "Firefly" got the description "Firefly" and some day enters with a nickname "Groundhog" which usually is used by John Doe, everyone can see he's "Firefly" - and that's for sure.

    It's the same administrative task like changing someone's password or something, except you'll have to do it _before_ anything annoying happens instead of simply reacting to issues.

    Even the friend/foe list of every single client will help recognizing someone using another ones nickname.

    If John Doe had a loginname "Groundhog" and his password would be "12345" in the above example, Firefly most probably would be able to take over his _ACCOUNT_ without ANY noticeable clue to anyone.

    So what?
    Your loginname actually is your unique ID. It's simply no more "human readable", that's all.

  10. #25
    Join Date
    November 2004
    Location
    Germany
    Posts
    74
    Oh well, I forgot something:
    For those who want to have their servers closed and give away logins/passwords (so that no "guests" may connect):
    Set a server password and dont give it away. Create new identities, connect once using the password. Then export the identities and send them to your users - your may then delete them on your side (or keep them for later reference). Done.
    It's no difference whether you create loginname/passwords or create and export identities. And I'm quite sure there will be tools or plugins for assistance to that task (if I had the time, I already would have written one)

  11. #26
    Join Date
    December 2009
    Location
    Switzerland
    Posts
    439
    Quote Originally Posted by absence View Post
    Create new identities, connect once using the password. Then export the identities and send them to your users
    Not a good idea. If the user uses this identity for other servers too, you can use his identity and have all his rights on the other server.

  12. #27
    Join Date
    December 2002
    Location
    The Netherlands
    Posts
    14
    Quote Originally Posted by absence View Post
    Well, it's up to the administrator on giving someone rights (like putting him to the "Normal" group so he's no longer "Guest") to give him a DESCRIPTION, too.
    I still have a problem with connected users in my "hallway" lurking .... and the client announcing it....left/joined etc.... why even pretend that you are going to let them in while you could have said "no!" and closed the front door....

    Why do i have to do stuff to protect the server while it should have done it itselve....

    Quote Originally Posted by absence View Post
    If John Doe had a loginname "Groundhog" and his password would be "12345" in the above example, Firefly most probably would be able to take over his _ACCOUNT_ without ANY noticeable clue to anyone.
    Did not say it was that bad... only missing login stuff.... one server password just wont cut it for clans....... when there is said that a account system is weak compared to tokens COMBINE them let the accounting system check with the Token system and vise versa..... let them work together



    and i thought TEAMspeak was more clan orientated then public server after 7 years i guess i was wrong...

  13. #28
    Join Date
    November 2004
    Location
    Germany
    Posts
    74
    Quote Originally Posted by PeterW View Post
    Not a good idea. If the user uses this identity for other servers too, you can use his identity and have all his rights on the other server.
    well, if he does so with the loginname and password you gave him - what's the difference?
    (I never said it's a good idea, but it's the same practice like with loginnames and passwords. There is NO difference, it's just not like people are used to)

  14. #29
    Join Date
    December 2002
    Location
    The Netherlands
    Posts
    14
    Quote Originally Posted by absence View Post
    There is NO difference, it's just not like people are used to)
    There is.... users have to connect to the server and are allowed in immediately (with or without certain rights)... a wrong UN and PASS would give you no access at all

  15. #30
    Join Date
    November 2004
    Location
    Germany
    Posts
    74
    well, as I said - close your server and give them identities to import and you're done with that.
    ( If you're a nice guy you name the identities with a postfix of your servers name and drop them a note that of course you own the identity, too; hence it would be risky should they intend to use the same identity on other servers - well, that should be quite obvious, but we know people, don't we? )

    Another way would be to close or unsubscribe the default channel and let regular users join to a specific channel. Set idle timeout for guests to 5 Seconds or something, give away the server password and you're done, unbothered by join/leave notifications (as unsubscribed) plus preserving your slot count. If problems arise anyway, change server password. Noone needs it so far, as long as you're not wanting to add another regular user (which you then may do very flexible either "online" or offline via token or whole identity handout)

    Well, there are many solutions to your problem (even a plugin someone probably will program one day), so please don't stick to the things simply by being used to 'em.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Nicknames: Anyone can use yours
    By stalker34 in forum Permission System
    Replies: 26
    Last Post: August 29th, 2013, 12:49 PM
  2. Stealing License
    By SawyerJ in forum Server Support
    Replies: 1
    Last Post: March 5th, 2013, 03:19 PM
  3. Nicknames
    By AnEliteSoldier in forum General Questions
    Replies: 1
    Last Post: December 24th, 2011, 07:24 PM
  4. Colored nicknames
    By bpksdevilz in forum Suggestions and Feedback
    Replies: 3
    Last Post: July 18th, 2011, 06:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •