Re: Build to Survive, version 5.0.5
sorry but @tunmy13, you should have expected this to happen.
@Ivan: Okay. I will try. @Pax: I can't change your password unless you are online, but I can provide you the password. Where would you like me to send it to you.
A few years later and we're still trying to pound this into people's heads. Please start hashing player passwords. The fact that an admin can get these passwords so easily to give them out to players is extremely absurd and I'm very surprised no one actually cares. I'm not even saying, developers are gonna misuse this information against other forum members, because I don't know, maybe they will, maybe they won't, but what's to stop an attacker from getting into your server, going to your player data and boom! Same with your sourcecode, if someone breaks your decryption key for player data if encrypted, someone can go crazy and decrypt everyone's player passwords.. look at the SBYW custom server mess that happened last year.
@Ironcross: For the millionth time, we are improving. @Ivan: Yeah they are hashed. Admins cannot obtain passwords, its a developer command.
@Ivan: It's encrypted. We can't see the password unless e use that command. Isn't that quite enough?
-- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
