14.03.2016, 12:06
(
Last edited by K0P; 18/03/2016 at 08:37 AM.
Reason: Delete The Thread
)
Delete
(f) You may not violate the privacy of a player, service provider or server operator by means of exposing passwords or identities without consent.
Although the verb "exposing" is quite open for interpretation:
Code:
(f) You may not violate the privacy of a player, service provider or server operator by means of exposing passwords or identities without consent. |
Personally, I think that it should be against the law. If ever someone manages to obtain your database/user files (through exploits, social engineering), you just risked the security of everyone who has ever made an account in your server. Do they use the same password for their email? Or maybe even for banking?
In other words, for fucks sake hash the passwords securely. |
The server-owner has access to all your account-data even when it's hashed.
In a MySQL database, all your data is shown in a nice table with all info exposed like money, score, kills, deaths, whatever. They could even hash their own password and replace your password with their hashed password and sell your account to someone else. It's just a text-field in the database. Nothing is safe, even when it's hashed. Same rules for INI-files. They're just saved in plain text. |
Personally, I think that it should be against the law. If ever someone manages to obtain your database/user files (through exploits, social engineering), you just risked the security of everyone who has ever made an account in your server. Do they use the same password for their email? Or maybe even for banking?
In other words, for fucks sake hash the passwords securely. |
I keep the password in both forms (Hashed + Unhashed)
Just for account recovery,i wont misuse that data Ill never let that data too be leaked As its against the rules & i dont want to get involved in this kind of stuff |