DragonPrime - LoGD Resource Community
Welcome Guest
  • Good evening, Guest.
    Please log in, or register.
  • November 18, 2018, 09:15:15 PM
Home Forums News Downloads Login Register Advanced Search
* * *
DragonPrime Menu
Login
 
 
Resource Pages
Search

Pages: [1]   Go Down
  Print  
Author Topic: help me  (Read 4996 times)
0 Members and 1 Guest are viewing this topic.
hyperj
Guest
« on: February 10, 2006, 11:05:51 AM »

Does any one know how to configure the password part in the mysql data so it will show the passwords instead of encrypting them? I just like to have security on my server. And It will be easier if they don't have an email and they can just email me for help too.
I AM NOT A HACKER
thanks,
hyperj

* Please Visit my server @ www.raversworld.com *
Logged
Elessa
Faerie
Mod God
*****
Offline Offline

Posts: 3598


short, sweet and to the point


View Profile
« Reply #1 on: February 10, 2006, 11:32:49 AM »

bad plan. ye may not be a hacker, but what about other members of your staff who may get the idea to try to use the password to access other accounts belonging to the player.

many people tend to use the same nick and p/w for other things.  it is safest for all involved not to have visible passwords.

should the player not hath an e-mail then perhaps ye should hath a policy that they cannot play.  easy enough to do searches for them, then send a YOM to them as a reminder to add it.

it is just not a good idea to have anyone's p/w visible to anyone else. good intentioned or not.

on my server, if ye do not have the commonsense to hath an e-mail address for the account and ye forget the p/w ye are simply out of luck.
Logged

Uuma ma ten rashwe, ta tuluva a lle

Play the latest beta version here on LoGD DragonPrime - Axebridge
Turock
Guest
« Reply #2 on: February 10, 2006, 11:52:24 AM »

I AM NOT A HACKER

 Roll Eyes
Logged
kickme
Global Moderator
Mod God
*****
Offline Offline

Posts: 1589


Yay for elephants!


View Profile WWW
« Reply #3 on: February 10, 2006, 12:18:17 PM »

This would require you to edit all the files that do anything to the password BEFORE installing or the users that all ready have registered will have to use a hash to log in.
Logged

Waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka waka
Catscradler
Guest
« Reply #4 on: February 10, 2006, 03:11:27 PM »

Modern basic security practises say: An administrator should be able to change a user's password, but should never be able to see the password itself.

As has been said above, this is because most users use the same password for many different services, and the administrator should never be able to masquerade as one of their users on a service that is not under that administrator's control.
Logged
DaveS
Mod God
*****
Offline Offline

Posts: 1544


Dfly... you know, as in DaveFly


View Profile
« Reply #5 on: February 10, 2006, 04:19:14 PM »

And I would argue that if you are determined to go this route, you should give full disclosure on your site.  Something to the effect of:

Quote
I will have access to your Passwords and I know what your password is.  Please be assured that I am not a Hacker though.   Cross my fingers and hope to die. Just trust me that I'm not a Hacker.  Please feel free to use your regular password that you use on all your accounts.  In fact, it may be easier if you use your social security number as your password.

I would be very upset if I found that an administrator was "using" my password to help keep me safe.
« Last Edit: February 10, 2006, 04:19:58 PM by DaveS » Logged

Check out my Last Module:
The Dragon Eggs Expansion
http://dragonprime.net/index.php?topic=8474.0

About my Retirement:
http://dragonprime.net/index.php?topic=9080

See my complete module list here:
http://dragonprime.net/index.php?topic=3038.0
SaucyWench
Mod God
*****
Offline Offline

Posts: 2238


I'm a good girl.


View Profile WWW
« Reply #6 on: February 10, 2006, 11:59:25 PM »

I concur. There is no reason whatsoever for you to need this. Even if you had not mentioned hacker, it is exactly what I would think.

I have had probably 500 players forget their password in my time running Central server and I never ever needed to know what it was even once.

If they forget their password I just use something random using their name. If their email address was SevenAces@whatever i would set the new password to SixAndSeven or SevenSwans or KingsAndAces, mail the email address IN THEIR CHARACTER INFO (never to any email address they sent in a petition) and tell them to log in and change it immediately. If they mailed from a different address I simply told them, "It has been sent to the email address that you put into your Preferences."

THAT is security. An admin being able to see their password is the very opposite. Eric and JT encrypted the passwords on purpose because they WROTE the game and knew it was not necessary to see them.
Logged

SaucyWench
Owner of GemDust.com and Darton City proudly hosted by LunarPages
ShadowRaven
Mod God
*****
Offline Offline

Posts: 805


Silence is a virtue...


View Profile WWW
« Reply #7 on: February 11, 2006, 01:59:59 AM »

And It will be easier if they don't have an email and they can just email me for help too.
I AM NOT A HACKER

If they don't have an E-mail address...How can they E-mail you for help??   Shocked

You claim you want security, yet you are trying to take out one of the very things that helps ensure security? Doesn't make much sense to me...
Logged

robert
Old Dog
Mod God
*****
Offline Offline

Posts: 1047


LoGD Buff!


View Profile WWW
« Reply #8 on: February 11, 2006, 08:38:48 AM »

I see this as a request for assistance to hack/change/alter core files.

While Dragon Prime will cheerfully assist those who code modifications via modules - the members here wont/shouldnt help anyone alter the core game files.

If you are able to do that on your own, more power to you.
If you do make core changes, then also be forwarned that core changes are not supported, be code proficient enough to fix anything/everything that breaks before you go hacking core files, else, ...leave them alone.
Logged

Lord Zeus
Member
Militia
**
Offline Offline

Posts: 42


God of Lightning


View Profile
« Reply #9 on: February 11, 2006, 09:24:20 AM »

Why would you need their password anyways to keep it safe? its safe when no one knows anyones password exept their own. but thats my point of view
Logged
Adept
Codemeister
****
Offline Offline

Posts: 279

I'm a llama!


View Profile WWW
« Reply #10 on: February 11, 2006, 09:24:01 PM »

sometimes you need to login as a user to understand what their problem is and resolve it.   knowing their password,  which i could see on a 0.97 game,  made it quite quick to do.

this the only reason i can think of to be able to see the passwords.

that being said, it aint required to see the password to login as them.  just cut and paste their encrypted password to notepad or whatever then cut and paste your encrypted password into theirs.

log in as them.  do whatever ya gotta do.  then simply paste their original password back.
Logged
scooter2
Guest
« Reply #11 on: February 12, 2006, 01:07:06 PM »

We had a problem with one of our members, and we went in as them, by changing the password and fixed what was the problem, Emailed them to the email they had signed up with, and all was okay. They went in and changed the password to what ever it was before, or they changed it to something else. I rather not know what the password is then no one can accuse us of using their password. Why would anyone want to know what someones password is? I find not knowing someones password is best.
Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  


*
DragonPrime Notices
Play LoGD on Dragonprime

Support Us
No funds raised yet this year
Your help is greatly appreciated!
Recent Topics
DragonPrime LoGD
Who's Online
68 Guests, 0 Users
Home Forums News Downloads Login Register Advanced Search