SA-MP Forums Archive
Unhashed Passwords Against The Rules? - Printable Version



Re: Unhashed Passwords Against The Rules? - saffierr - 17.03.2016

Quote:
Originally Posted by Vince
This is quite probably the dumbest thing I've read today.

That's actually even illegal... I doubt you knew that.


Re: Unhashed Passwords Against The Rules? - SickAttack - 17.03.2016

Quote:
Originally Posted by saffierr
That's actually even illegal... I doubt you knew that.

It isn't illegal. But that doesn't mean that you are immune to lawsuits.


Re: Unhashed Passwords Against The Rules? - K0P - 17.03.2016

Quote:
Originally Posted by SickAttack
Which server do you own? To remind everyone, including myself, to never play on it.

Don't be stupid and hash those passwords!

Tip: Keep your hashing algorithm a secret! With it, people can retrieve anyone's password by enforcing brute force.

Alright, alright, I've already done that...
You are the 4th one saying that


Re: Unhashed Passwords Against The Rules? - DarkLored - 17.03.2016

Quote:
Originally Posted by K0P
I keep the password in both forms (Hashed + Unhashed)
Just for account recovery, I won't misuse that data
I'll never let that data be leaked
As it's against the rules & I don't want to get involved in this kind of stuff

Why would you need to save their password if you could simply reset their password for them and force a dialog that creates a new password?


Re: Unhashed Passwords Against The Rules? - K0P - 17.03.2016

Quote:
Originally Posted by DarkLored
Why would you need to save their password if you could simply reset their password for them and force a dialog that creates a new password?

1. I "used" that for situations like if the player forgets the password he can contact me, I'll recover it
2. I don't like to add security questions in my server for recovery
3. I just asked "Unhashed Passwords Against The Rules?"


Re: Unhashed Passwords Against The Rules? - SickAttack - 17.03.2016

Quote:
Originally Posted by K0P
1. I "used" that for situations like if the player forgets the password he can contact me, I'll recover it
2. I don't like to add security questions in my server for recovery

There are other methods that you can use to recover someone's password. Here are a few:

Quote:
Originally Posted by K0P
3. I just asked "Unhashed Passwords Against The Rules?"

It isn't against the rules; however, it's super clear that you don't know what you're getting yourself into, and moreover, you don't know what in the world you are doing. You should never leave extremely sensitive information such as passwords unprotected and as is.

Hashing passwords is a must, (assuming/implying) you don't know what could go wrong. You have no idea.

If you, a friend, or anyone else gets their hands on players' passwords and thinks of exposing them to others in a way and someone reports this matter to SA-MP's administration, you are in for trouble. It will ruin your server's reputation, your reputation and your server would be removed from the hosted tab as you broke the service agreement.

And please don't say that you will make sure no-one gets their hands on those passwords you didn't hash, because anything is possible and it can happen in so many ways.

Think about this and please consider taking our advice (remove unhashed passwords and always hash/encrypt extremely sensitive information).


Re: Unhashed Passwords Against The Rules? - Vince - 18.03.2016

Quote:
Originally Posted by K0P
1. I "used" that for situations like if the player forgets the password he can contact me, I'll recover it

Do you know any site or service that "recovers" your password and sends it to you in plain text? I don't. Most sites or services a) send you a new, randomly generated password which you can change after login or b) send you a link that can only be accessed once, to set a new password. Sites or services that do send passwords in plain text should be stayed far away from.
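
Added example, not part of any post in this thread: a Python sketch of the recovery flow DarkLored and Vince describe, where only a salted hash is stored and an admin hands the player a one-time reset code instead of the old password. The names (Accounts, issue_reset, redeem_reset), the PBKDF2 work factor and the 15-minute lifetime are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

PBKDF2_ROUNDS = 600_000      # assumed work factor; tune for your host
RESET_TTL = 15 * 60          # assumed lifetime of a reset code, in seconds

def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are ever stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

class Accounts:
    def __init__(self):
        self.users = {}    # name -> (salt, digest), never the plain password
        self.resets = {}   # name -> (sha256 of reset code, expiry time)

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password):
        if name not in self.users:
            return False
        salt, digest = self.users[name]
        # Re-hash the attempt with the stored salt, compare in constant time.
        return hmac.compare_digest(digest, hash_password(password, salt)[1])

    def issue_reset(self, name, now=None):
        """Admin action: returns a one-time code to hand to the player."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(16)
        # Store only a hash of the code, so a database leak does not expose it.
        self.resets[name] = (hashlib.sha256(code.encode()).digest(), now + RESET_TTL)
        return code

    def redeem_reset(self, name, code, new_password, now=None):
        """Set a new password if the code is valid; any attempt consumes it."""
        now = time.time() if now is None else now
        entry = self.resets.pop(name, None)   # popped first, so no second try
        if entry is None or now > entry[1]:
            return False
        if not hmac.compare_digest(entry[0], hashlib.sha256(code.encode()).digest()):
            return False
        self.register(name, new_password)     # fresh salt, old hash replaced
        return True
```

The old password is never recovered at any point; the server could not produce it even if asked.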


Re: Unhashed Passwords Against The Rules? - K0P - 18.03.2016

Quote:
Originally Posted by Vince
Do you know any site or service that "recovers" your password and sends it to you in plain text? I don't. Most sites or services a) send you a new, randomly generated password which you can change after login or b) send you a link that can only be accessed once, to set a new password. Sites or services that do send passwords in plain text should be stayed far away from.

Emails are not linked by accounts in my server


Re: Unhashed Passwords Against The Rules? - Sithis - 20.03.2016

Quote:
Originally Posted by Dawny
Fairly speaking, that still doesn't mean he cannot keep unhashed passwords. It's dumb to do so but there is no policy stating so, which is a fair point for those who want to understand it in whatever way. You're not REALLY exposing passwords, tbh.
Again, if it's not wrong doesn't mean you don't do it.
So, yeah. Let's just move to hashing passwords instead.

Yes, it is against the policy.

Quote:

(f) You may not violate the privacy of a player, service provider or server operator
by means of exposing passwords or identities without consent.

Exposing a password would be the case when you don't properly encrypt their password. Not only would this be against the SA:MP ToS, but also cause civil liabilities in most legal systems.


Re: Unhashed Passwords Against The Rules? - Jeroen52 - 21.03.2016

Quote:
Originally Posted by Sithis
Yes, it is against the policy.

Exposing a password would be the case when you don't properly encrypt their password. Not only would this be against the SA:MP ToS, but also cause civil liabilities in most legal systems.

I think that you mean hashing.