Quote:
Originally Posted by Gambet
I'm going to assume you overlooked this part, then:
if (gambet_bankDB.(@params[1]) == "")
|
params[1] can be anything the client passes it, for example, sadgkhssdfsdkjlj! So it's still exploitable to keep filling your database, even claiming bank accounts for other people's Graal accounts BEFORE they do :O.
if(gambet_bankDB.(@player.account) == "")
Quote:
Originally Posted by Gambet
I guess, but I can't exactly make up for the stupidity of some of the users. No matter how much thought you give into it, there will always be a skilled scripter that can find out the information anyways.
I don't exactly see a foolproof way of doing it.
|
Then just DON'T do it! Graal, as of now, has no safe way to protect data in a client. Why even present a risk you KNOW is there? Do you plan on telling the players it's POSSIBLE a rogue staff could get their password if they wanted to? How would they feel about it? You cannot just let them believe it's safe.
I don't ever make my passwords the same theme, but MOST people do.
Quote:
Originally Posted by Gambet
That onCheckWhatever part was created by Joey.
If you look at the rest of the script, I didn't do such in my custom functions.
|
Hey, in the end it was your release.
Quote:
Originally Posted by Gambet
Wouldn't be a risk if the players would use some logic.
Though, I still don't know of a foolproof way of doing it, because there will always be methods of finding the password data.
|
You cannot assume all (even most) players are logical. It is your job to protect such data if you are going to ask for it, and honestly, with what is available to Graal, you can't.
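
The difference between the two checks quoted in the post above (`params[1]` versus `player.account`), as an added example that is not part of the original thread or the released script. It is a constructed Python model rather than Graal script; `Session`, `BankServer`, `replay` and the account names are hypothetical.

```python
# Added illustration: a constructed Python model of the server-side check,
# not Graal script. Session, BankServer and the method names are hypothetical.

class Session:
    def __init__(self, account):
        self.account = account  # set by the server at login, never by the client

class BankServer:
    def __init__(self):
        self.bank_db = {}  # account name -> record

    def _claim(self, key, session):
        # Create a record only if the key is still unclaimed.
        if self.bank_db.get(key, "") == "":
            self.bank_db[key] = {"owner": session.account, "balance": 0}
            return True
        return False

    def open_vulnerable(self, session, params):
        # Mirrors: if (gambet_bankDB.(@params[1]) == "")
        # The key comes from the client message, so it can be any string.
        return self._claim(params[1], session)

    def open_hardened(self, session, params):
        # Mirrors: if (gambet_bankDB.(@player.account) == "")
        # The key comes from the server-side session; params[1] is ignored.
        return self._claim(session.account, session)

def replay(handler_name):
    """Replay the same constructed requests against one handler."""
    server = BankServer()
    handler = getattr(server, handler_name)
    other, owner = Session("player_b"), Session("player_a")
    # Constructed client messages: params[0] is the action, params[1] the key.
    for params in (["open", "player_a"], ["open", "sadgkhssdfsdkjlj"]):
        handler(other, params)
    # The real owner of "player_a" tries to open their account afterwards.
    owner_opened = handler(owner, ["open", "player_a"])
    return server.bank_db, owner_opened

if __name__ == "__main__":
    for name in ("open_vulnerable", "open_hardened"):
        db, ok = replay(name)
        print(name, "rows:", sorted(db), "owner could open:", ok)
```

With the client-supplied key, the database gains a junk row and a row for `player_a` owned by someone else; with the session-derived key, each session can create at most its own row.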