SA-MP Forums Archive
Unhashed Passwords Against The Rules? - Printable Version


Delete << - K0P - 14.03.2016

Delete


Re: Unhashed Passwords Against The Rules? - iKevin - 14.03.2016

Yes it is, I guess.


Re: Unhashed Passwords Against The Rules? - Dawny - 14.03.2016

No, nothing like that. You can mention in your 'TERMS AND SERVICE AGREEMENT' that:

1. Your passwords are unhashed
2. Company promises not to ever release it

And if they agree to it, you can basically let them play. As simple.


Re: Unhashed Passwords Against The Rules? - Burridge - 14.03.2016

You shouldn't be saving passwords in plain text, that's just silly! However, it isn't against any rules that I am aware of when it comes to SA-MP servers.


Re: Unhashed Passwords Against The Rules? - SyS - 14.03.2016

Yeah, as I said, not hashing the pass is like phishing.


Re: Unhashed Passwords Against The Rules? - K0P - 14.03.2016

Alright, thanks all!


Re: Unhashed Passwords Against The Rules? - Mauzen - 14.03.2016

I wouldn't ever play on a server or use a website when I know that it doesn't hash passwords properly. That's a personal data leak, and there's not even a valid reason why you shouldn't hash it.
But it's not against the rules.


Re: Unhashed Passwords Against The Rules? - Vince - 14.03.2016

Although the verb "exposing" is quite open for interpretation:
Code:
(f) You may not violate the privacy of a player, service provider or server operator
by means of exposing passwords or identities without consent.
https://sa-mp.com/service_agreement.txt


Re: Unhashed Passwords Against The Rules? - Dawny - 14.03.2016

Quote:
Originally Posted by Vince
> Although the verb "exposing" is quite open for interpretation:
> Code:
> (f) You may not violate the privacy of a player, service provider or server operator
> by means of exposing passwords or identities without consent.
> https://sa-mp.com/service_agreement.txt

Fairly speaking, that still doesn't mean he cannot keep unhashed passwords. It's dumb to do so but there is no policy stating so, which is a fair point for those who want to understand it in whatever way. You're not REALLY exposing passwords, tbh.
Again, if it's not wrong doesn't mean you don't do it.
So, yeah. Let's just move to hashing passwords instead.


Re: Unhashed Passwords Against The Rules? - Infinity - 14.03.2016

Personally, I think that it should be against the law. If ever someone manages to obtain your database/user files (through exploits, social engineering), you just risked the security of everyone who has ever made an account in your server. Do they use the same password for their email? Or maybe even for banking?

In other words, for fuck's sake hash the passwords securely.


Re: Unhashed Passwords Against The Rules? - Mauzen - 14.03.2016

Quote:
Originally Posted by Infinity
> Personally, I think that it should be against the law. If ever someone manages to obtain your database/user files (through exploits, social engineering), you just risked the security of everyone who has ever made an account in your server. Do they use the same password for their email? Or maybe even for banking?
>
> In other words, for fuck's sake hash the passwords securely.

Remember the PSN hacks? Later Sony said it would simply be cheaper to tell users about the data leak instead of securing it properly. Unless companies especially advertise with personal data security they probably give a shit about security. And thanks to lobby-democracy chances are low that politics will ever rate personal data higher than profit.


Re: Unhashed Passwords Against The Rules? - AmigaBlizzard - 17.03.2016

The server-owner has access to all your account-data even when it's hashed.
In a MySQL database, all your data is shown in a nice table with all info exposed like money, score, kills, deaths, whatever.

They could even hash their own password and replace your password with their hashed password and sell your account to someone else.
It's just a text-field in the database.

Nothing is safe, even when it's hashed.

Same rules for INI-files.
They're just saved in plain text.


Re: Unhashed Passwords Against The Rules? - Infinity - 17.03.2016

Quote:
Originally Posted by AmigaBlizzard
> The server-owner has access to all your account-data even when it's hashed.
> In a MySQL database, all your data is shown in a nice table with all info exposed like money, score, kills, deaths, whatever.
>
> They could even hash their own password and replace your password with their hashed password and sell your account to someone else.
> It's just a text-field in the database.
>
> Nothing is safe, even when it's hashed.
>
> Same rules for INI-files.
> They're just saved in plain text.

You're missing the point. If an owner decides to change some stats around, that's a dick move but nothing else. However, if he stored your password as plain text, he could also try using these passwords, for example, to log in on their forum accounts here. Or their email. Or their PayPal/bank accounts. Or even worse, the database gets leaked and your password is out in the open.

@Mauzen:
That is exactly my point. As long as people get away with shit like that, nothing will change. Making it mandatory to secure the passwords, for example by law, would at least prevent shit like this.


Re: Unhashed Passwords Against The Rules? - K0P - 17.03.2016

I keep the password in both forms (Hashed + Unhashed)
Just for account recovery, I won't misuse that data
I'll never let that data be leaked
As it's against the rules & I don't want to get involved in this kind of stuff


Re: Unhashed Passwords Against The Rules? - AndySedeyn - 17.03.2016

Quote:
Originally Posted by K0P
> I keep the password in both forms (Hashed + Unhashed)
> Just for account recovery, I won't misuse that data
> I'll never let that data be leaked
> As it's against the rules & I don't want to get involved in this kind of stuff

Why even bother keeping them in both forms? The hashed version doesn't make any sense then, does it? There are plenty of alternative ways for a player to reset their password without you having to see what it is. Your intentions are probably good but you are pretty naive to think that everyone's intentions are good.
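
Added example, not part of any post in this thread: one way to handle the account recovery discussed above while storing only a salted, slow hash and never a readable copy of the password. It is written in Python rather than Pawn; the in-memory `accounts` and `reset_tokens` stores, the function names, the iteration count and the 15-minute token lifetime are assumptions, and delivering the token to the player (for example by e-mail) is left out.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000      # assumed work factor for PBKDF2-HMAC-SHA256
RESET_TTL_SECONDS = 15 * 60      # assumed token lifetime

accounts = {}      # name -> {"salt": bytes, "hash": bytes}; stands in for the DB
reset_tokens = {}  # name -> {"digest": bytes, "expires": float}

def derive_key(password, salt):
    # Slow, salted one-way derivation; the plaintext itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)

def set_password(name, password):
    salt = secrets.token_bytes(16)          # fresh random salt per account
    accounts[name] = {"salt": salt, "hash": derive_key(password, salt)}

def check_password(name, password):
    rec = accounts.get(name)
    if rec is None:
        return False
    candidate = derive_key(password, rec["salt"])
    return hmac.compare_digest(rec["hash"], candidate)  # constant-time compare

def issue_reset_token(name, now=None):
    # Returns a random one-time token to deliver to the player out of band.
    # Only its SHA-256 digest is kept, so a database leak does not expose it.
    if name not in accounts:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode("utf-8")).digest()
    reset_tokens[name] = {"digest": digest, "expires": now + RESET_TTL_SECONDS}
    return token

def redeem_reset_token(name, token, new_password, now=None):
    now = time.time() if now is None else now
    entry = reset_tokens.pop(name, None)    # any attempt consumes the token
    if entry is None or now > entry["expires"]:
        return False
    digest = hashlib.sha256(token.encode("utf-8")).digest()
    if not hmac.compare_digest(entry["digest"], digest):
        return False
    set_password(name, new_password)        # old hash is overwritten
    return True
```

The operator never needs to read the old password: the player proves control of the recovery channel with the token and chooses a new one.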


Re: Unhashed Passwords Against The Rules? - Burridge - 17.03.2016

You still shouldn't store their passwords in plain text. You never know if someone is going to be able to hack into the server and steal the data. Also, people only have your word when you say you won't use that data.


Re: Unhashed Passwords Against The Rules? - Infinity - 17.03.2016

Quote:
Originally Posted by K0P
> I keep the password in both forms (Hashed + Unhashed)
> Just for account recovery, I won't misuse that data
> I'll never let that data be leaked
> As it's against the rules & I don't want to get involved in this kind of stuff

You say that the data will never be leaked. How will you do what so many others could not? Not even the larger companies such as Sony could prevent their data from being leaked.


Re: Unhashed Passwords Against The Rules? - Arastair - 17.03.2016

Quote:
Originally Posted by Infinity
> Personally, I think that it should be against the law. If ever someone manages to obtain your database/user files (through exploits, social engineering), you just risked the security of everyone who has ever made an account in your server. Do they use the same password for their email? Or maybe even for banking?
>
> In other words, for fuck's sake hash the passwords securely.

I agree

On Topic: I think it's against the agreement


Re: Unhashed Passwords Against The Rules? - Vince - 17.03.2016

Quote:
Originally Posted by K0P
> I keep the password in both forms (Hashed + Unhashed)
> Just for account recovery, I won't misuse that data
> I'll never let that data be leaked
> As it's against the rules & I don't want to get involved in this kind of stuff

This is quite probably the dumbest thing I've read today.


Re: Unhashed Passwords Against The Rules? - SickAttack - 17.03.2016

Quote:
Originally Posted by K0P
> I keep the password in both forms (Hashed + Unhashed)
> Just for account recovery, I won't misuse that data
> I'll never let that data be leaked
> As it's against the rules & I don't want to get involved in this kind of stuff

Which server do you own? To remind everyone, including myself, to never play on it.

Don't be stupid and hash those passwords!

Tip: Keep your hashing algorithm a secret! With it, people can retrieve anyone's password by enforcing brute force.