17.03.2016, 21:04
Unhashed Passwords Against The Rules?
17.03.2016, 22:02
17.03.2016, 22:13
Quote:
Which server do you own? To remind everyone, including myself, to never play on it.
Don't be stupid and hash those passwords! Tip: Keep your hashing algorithm a secret! With it, people can retrieve anyone's password by enforcing brute force.
You are the 4th one saying that
17.03.2016, 22:14
Why would you need to save their password if you could simply reset their password for them and force a dialog that creates a new password?
17.03.2016, 22:15
Quote:
Why would you need to save their password if you could simply reset their password for them and force a dialog that creates a new password?
2. I don't like to add security questions in my server for recovery
3. I just asked "Unhashed Passwords Against The Rules?"
17.03.2016, 22:53
Quote:
1. I "used" that for situations like if the player forgets the password he can contact me, I'll recover it
2. I don't like to add security questions in my server for recovery
- Let players add an email address, which you could use to send them an email, where they can recover their password (steps may vary).
- Add a command for server managers and above that sets a player's password. Send that player their new temporary password and tell them to log in as soon as possible and to change their password with /changepass.
- As you said, predefined recovery questions.
- And many more.
Hashing passwords is a must, (assuming/implying) you don't know what could go wrong. You have no idea.
If you, a friend, or anyone else gets their hands on players' passwords and thinks of exposing them to others in a way, and someone reports this matter to SA-MP's administration, you are in for trouble. It will ruin your server's reputation, your reputation and your server would be removed from the hosted tab as you broke the service agreement.
And please don't say that you will make sure no-one gets their hands on those passwords you didn't hash, because anything is possible and it can happen in so many ways.
Think about this and please consider taking our advice (remove unhashed passwords and always hash/encrypt extremely sensitive information).
18.03.2016, 06:19
Do you know any site or service that "recovers" your password and sends it to you in plain text? I don't. Most sites or services a) send you a new, randomly generated password which you can change after login or b) send you a link that can only be accessed once, to set a new password. Sites or services that do send passwords in plain text should be stayed far away from.
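Added example, not part of any post in this thread and not SA-MP code: the two recovery options described in the posts above (a manager-issued temporary password with a forced change, and a single-use reset link), with only salted hashes ever stored. The function names, the in-memory stores and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores for the example; a real server would use its database.
accounts = {}      # name -> {"salt": bytes, "hash": bytes, "must_change": bool}
reset_tokens = {}  # sha256(token) -> (name, expiry timestamp)

def _kdf(password, salt):
    # Salted, deliberately slow derivation; the plain password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def set_password(name, password, must_change=False):
    salt = secrets.token_bytes(16)  # fresh random salt per account and per change
    accounts[name] = {"salt": salt, "hash": _kdf(password, salt), "must_change": must_change}

def check_password(name, password):
    acc = accounts.get(name)
    if acc is None:
        return False
    return hmac.compare_digest(acc["hash"], _kdf(password, acc["salt"]))

def admin_reset(name):
    """Manager command: set a random temporary password and force a change at next login."""
    temp = secrets.token_urlsafe(9)
    set_password(name, temp, must_change=True)
    return temp  # handed to the player once; only its hash is kept

def issue_reset_token(name, ttl=900, now=None):
    """E-mail flow: create a single-use token; only the token's hash is stored."""
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    reset_tokens[hashlib.sha256(token.encode()).digest()] = (name, now + ttl)
    return token

def redeem_reset_token(token, new_password, now=None):
    """Consume the token (valid once, until expiry) and set the new password."""
    now = time.time() if now is None else now
    entry = reset_tokens.pop(hashlib.sha256(token.encode()).digest(), None)
    if entry is None or entry[1] < now:
        return False
    set_password(entry[0], new_password)
    return True
```

In both flows the operator never needs to read back the old password, so nothing recoverable has to be kept on the server.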
18.03.2016, 08:20
Quote:
Do you know any site or service that "recovers" your password and sends it to you in plain text? I don't. Most sites or services a) send you a new, randomly generated password which you can change after login or b) send you a link that can only be accessed once, to set a new password. Sites or services that do send passwords in plain text should be stayed far away from.
20.03.2016, 22:39
Quote:
Fairly speaking, that still doesn't mean he cannot keep unhashed passwords. It's dumb to do so but there is no policy stating so, which is a fair point for those who want to understand it in whatever way. You're not REALLY exposing passwords, tbh.
Again, if it's not wrong doesn't mean you don't do it. So, yeah. Let's just move to hashing passwords instead.
Quote:
(f) You may not violate the privacy of a player, service provider or server operator by means of exposing passwords or identities without consent.
21.03.2016, 04:44