Ranking
FAQ
Advanced Search
Subscribed Threads
Today's Posts Mark Forums Read
Closed Thread
Switch to Linear Mode Switch to Hybrid Mode Switch to Threaded Mode
Original Post
View Public Profile Send a private message to ASSASSIN92 Find More Posts by ASSASSIN92
Active Inventory Deactivated Inventory Trade History

May 2, 2014 Old
View Public Profile Send a private message to ASSASSIN92 Find More Posts by ASSASSIN92
Active Inventory Deactivated Inventory Trade History
Removed giant broken imageshack link ~ Solax ASSASSIN92's Avatar
10th Dan Black Belt
Join Date: Jun 2009
Posts: 1,035
Clan: Abyss
May 2, 2014 Old
Login data
Need encrypt login data. It security standards.
View Public Profile Send a private message to Foxy Find More Posts by Foxy
Active Inventory Deactivated Inventory Trade History

May 4, 2014 Old
View Public Profile Send a private message to Foxy Find More Posts by Foxy
Active Inventory Deactivated Inventory Trade History
Foxy's Avatar
10th Dan Black Belt
Join Date: Feb 2013
Posts: 11,632
May 4, 2014 Old
Condings, it's quite possible. I did notice this a long time ago where, if you could get on somebody else's computer you could theoretically steal their password and their TC. I think though, if hacking did occur, the staff would refund everything. I'd be more worried if a credit card number was encrypted.
Buy me food and tell me I'm cute.
View Public Profile Send a private message to ASSASSIN92 Find More Posts by ASSASSIN92
Active Inventory Deactivated Inventory Trade History

May 5, 2014 Old
View Public Profile Send a private message to ASSASSIN92 Find More Posts by ASSASSIN92
Active Inventory Deactivated Inventory Trade History
Removed giant broken imageshack link ~ Solax ASSASSIN92's Avatar
10th Dan Black Belt
Join Date: Jun 2009
Posts: 1,035
Clan: Abyss
May 5, 2014 Old
hack can be a patch under the guise of anything. There are many ways, I think
View Public Profile Send a private message to hampa Find More Posts by hampa
Active Inventory Deactivated Inventory Trade History

May 5, 2014 Old
View Public Profile Send a private message to hampa Find More Posts by hampa
Active Inventory Deactivated Inventory Trade History
In coder land hampa's Avatar
Banana Belt
Join Date: Apr 2006
Posts: 2,232
May 5, 2014 Old
Originally Posted by Twilight View Post
Condings, it's quite possible. I did notice this a long time ago where, if you could get on somebody else's computer you could theoretically steal their password and their TC. I think though, if hacking did occur, the staff would refund everything. I'd be more worried if a credit card number was encrypted.

If someone gets to your computer there is nothing we can do to stop it. We can't encrypt the password without it being visible for the client.

Going to Firefox / Preferences / Saved passwords would give the password as well if the users has been on the forum and saved the password there.

If you are only a public machine use /forgetme to remove the stored password.
View Public Profile Send a private message to ASSASSIN92 Find More Posts by ASSASSIN92
Active Inventory Deactivated Inventory Trade History

May 6, 2014 Old
View Public Profile Send a private message to ASSASSIN92 Find More Posts by ASSASSIN92
Active Inventory Deactivated Inventory Trade History
Removed giant broken imageshack link ~ Solax ASSASSIN92's Avatar
10th Dan Black Belt
Join Date: Jun 2009
Posts: 1,035
Clan: Abyss
May 6, 2014 Old
We can not save password in browser. this is saved in a cookie. You don't need that much time to encrypt it and these data are not needed anywhere except the binary file. I think security is always good.
View Public Profile Send a private message to Foxy Find More Posts by Foxy
Active Inventory Deactivated Inventory Trade History

May 9, 2014 Old
View Public Profile Send a private message to Foxy Find More Posts by Foxy
Active Inventory Deactivated Inventory Trade History
Foxy's Avatar
10th Dan Black Belt
Join Date: Feb 2013
Posts: 11,632
May 9, 2014 Old
Originally Posted by hampa View Post
If someone gets to your computer there is nothing we can do to stop it. We can't encrypt the password without it being visible for the client.

Going to Firefox / Preferences / Saved passwords would give the password as well if the users has been on the forum and saved the password there.

If you are only a public machine use /forgetme to remove the stored password.

You know much more about this topic than I do but suppose the password could be encrypted locally on the computer where the client reads it and then sends it via an SSL connection to your servers. Encrypt it locally so that only the person that knows the password can actually view it by confirming their identity by typing it in.
Buy me food and tell me I'm cute.
View Public Profile Send a private message to hampa Find More Posts by hampa
Active Inventory Deactivated Inventory Trade History

May 10, 2014 Old
View Public Profile Send a private message to hampa Find More Posts by hampa
Active Inventory Deactivated Inventory Trade History
In coder land hampa's Avatar
Banana Belt
Join Date: Apr 2006
Posts: 2,232
May 10, 2014 Old
Originally Posted by Twilight View Post
You know much more about this topic than I do but suppose the password could be encrypted locally on the computer where the client reads it and then sends it via an SSL connection to your servers. Encrypt it locally so that only the person that knows the password can actually view it by confirming their identity by typing it in.

So typing your password every time you open Toribash? I doubt that would be very popular.

Don't let people use your computers, if someone is on your computer consider it compromised.
-----
Originally Posted by ASSASSIN92 View Post
We can not save password in browser. this is saved in a cookie. You don't need that much time to encrypt it and these data are not needed anywhere except the binary file. I think security is always good.

Passwords are saved in clear text for your browser. Anyone who accesses your computer can see them.

If you use Firefox go to Preferences / Security / Saved Passwords

The sooner you realize this the better. Don't allow other people to access your computer. Period.
Last edited by hampa; May 10, 2014 at 10:46 AM. Reason: <24 hour edit/bump
Closed Thread

« Previous Thread | Next Thread »