Beta Release: Sophisticated Banking System - Page 3

Kristi · #31 02-22-2007, 09:51 PM

Quote:

Originally Posted by Gambet

I'd understand you arguing if there were currently a way to secure the passwords, but since there isn't, I don't really see why we need to continue going back and forth.

I understand the risks, thus you're talking to the wrong person. If I could secure the password system, I would.

Because you are calling the players idiots instead of doing anything. Revise the script to say *Staff can see your password, so do not choose anything that resembles passwords on other things you own* or something along those lines. Make it loud and clear.

There are things you can do to at least better it, like md5 ;/

Gambet · #32 02-22-2007, 09:57 PM

Quote:

Originally Posted by Kristi

Because you are calling the players idiots instead of doing anything. Revise the script to say *Staff can see your password, so do not choose anything that resembles passwords on other things you own* or something along those lines. Make it loud and clear.

There are things you can do to at least better it, like md5 ;/

You're calling the players idiots as much as I am, only in my case it's explicit and in yours it's implicit.

If someone wanted to go as far as trying to crack a persons password based on something as stupid as a Graal bank password, then what makes you think they wouldn't go to an md5 decryption site that does the work for them?

Sure, it would require an extra step, but if they're willing to do it in the first place, it won't stop them.

Kristi · #33 02-22-2007, 10:02 PM

Quote:

Originally Posted by Gambet

You're calling the players idiots as much as I am, only in my case it's explicit and in yours it's implicit.

If someone wanted to go as far as trying to crack a persons password based on something as stupid as a Graal bank password, then what makes you think they wouldn't go to an md5 decryption site that does the work for them?

Sure, it would require an extra step, but if they're willing to do it in the first place, it won't stop them.

There is nothing wrong with being more secure. Of course its still flawed, but it can still be a deterrent. Also, my request for stating that staff can see your password right in the npc, as my last post requested, still stands, not to mention the other safety edit (using player.account serverside instead of letting the client pass what their account name is, since they can change it)

Gambet · #34 02-22-2007, 10:03 PM

Quote:

Originally Posted by Kristi

There is nothing wrong with being more secure. Of course its still flawed, but it can still be a deterrent. Also, my request for stating that staff can see your password right in the npc, as my last post requested, still stands.

If I ever get back to touching up this system, then sure, but for now, I'll leave it up to whoever decides to use it on their server.

Twinny · #35 02-23-2007, 07:05 AM

How about instead of a password, the script generates a 5 number long code which is used as a pin? Saves letting the user possibly give out an important password.