Benefits of logged profile?

  • TunSalat

    What does using secu login actually do?

    Is it so stats, kills/deaths and pps are logged and remembered?
    Or is it just for stats on my profile on crymp?

    Tell me about it.
    What will I miss if I remove secu login from autoexec.cfg?


  • Comrade

    Logged-in profiles are used to identify certain players anytime and anywhere. If you use such profile, server can be sure that it's really you (unless someone has stolen your password or secu_login key). This is very important especially for assigning additional privileges to players (admins, moderators, etc).

    CryMP supports logged-in profiles from the beginning. In the old days players without their own profile got just randomly generated profile ID from the range 800000 - 999999. These players had different profile ID every time they launched the game. Master server also didn't validate these random profiles, so they were quite useless. Lately today's so called static profiles with 100xxxx IDs were added. These profiles are automatically assigned by the master server and are somewhat bound to the computer of each player. That means it's now possible to identify all players and not only those having their own registered and logged-in profile. It also fixes one nasty problem. As you probably know, you can register as many profiles as you want, so logged-in profiles are not so useful for banning someone.

    The problem with static profiles is that they are not as static as they should be. Your static profile ID can actually change sometimes (rarely) because there's no 100% way to clearly identify players without their own effort. However, static profiles are still quite safe and also spoofing someone's static profile is very hard mainly because servers validate the info sent by your multiplayer client on the master server. Although, as far as i know, only servers using SafeWriting or CryFire actually do such validation, but that's another story.

    Conclusion: Logged-in profiles are for giving you some special privileges on the server. Static profiles are for banning you from the server. Today, correctly configured servers can obtain your static profile (together with some additional information) even when you use logged-in profile, so there's no reason to not use your own logged-in profile. It's actually a nice thing because it shows that you're not too lazy to register and configure your own profile, and also server operators can easily give you, for example, moderator privileges because from a technical point of view you already have everything required for that.

  • TunSalat

    Alright thanks for explaining :)
    I guess rCX server looks if autoexec.cfg is empty. If not: MODS! KICK! ?
    There must be a way to check WHATS in that file, like maybe some regex or other scan of the content?
    So it can say "ah, it's just a profile login. all is ok"

  • Zi;

    Well, it doesn't look in that file, servers do not have that privillege of accessing people's files, and let's be happy they don't, that would be security vulnerability.
    Simply put, if you don't have anything in autoexec.cfg and don't use secu_login, your client will stick to that 100xxxx profile when you visit the server.

    So all there is at rCX is just something like this:
    if player.profile < 1000000 then

    It's really that simple.

  • TunSalat

    What's bad about a low number profile?
    Or why would a server kick based on that alone?
    I don't see how it's related to cheating etc.

  • Zi;

    I think Comrade already described the issue.

    As you probably know, you can register as many profiles as you want, so logged-in profiles are not so useful for banning someone.

    You know, nobody really forbids you to create 50 CryMP accounts and all of them will have different profile ID.

  • TunSalat

    Hm ok. So how do I solve this?
    I want to use secu login profile + I want to play on rCX server (I think) :D

  • TunSalat

    btw Zi; you say "servers do not have that privillege of accessing people's files".
    But that doesn't sound right.
    I see a lot of "player xxx uses a modified xxx file".
    Unless it just looks at date-modified, size or something.
    But I would think the mp game/server can access what you've changed/enabled/disabled in settings/config. Hm?

    Off topic ;)

  • Zi;

    File check works as follows:

    1. Server computes hash of given file, let's say LAW.xml and result is 123123123
    2. Server tells all people to compute the hash of that file too
    3. Clients compute the hash and send it back to server, let's say my computed has is 234123123
    4. Server compares hashes he got from people with it's own hash, therefore 234123123!=123123123 => cheat detected... person is using modified file.

    See, server doesn't need to have access to your files to compare them.

  • TunSalat

    Ok I see.
    So server never knows HOW the user has configged the game ;)