Go Back   Champions of Regnum > English > General discussion

General discussion Topics related to various aspects of Champions of Regnum

View Poll Results: Would you like to have the secure access for identification ?
Yes it would be better and safer. 16 72.73%
No it's useless/uneeded. 3 13.64%
I don't know what is the secure layer or I just don't care ! 3 13.64%
Voters: 22. You may not vote on this poll

Reply
 
Thread Tools Display Modes
Old 03-13-2012, 06:28 PM   #1
Tigerious
Banned
 
Tigerious's Avatar
 
Join Date: Nov 2008
Location: France
Posts: 496
Tigerious is an unknown quantity at this point
Default Unsecure forum account password - Requesting HTTPS access

Dear NGD,

Forum account password and regnum online characters are the same and it is unsecure. I know that it''s more easy access for common people who just want to play etc etc but the problem is that we send password in clear text via http protocol.
What about give us secure layer access for identification process ? I think it can be easily done and added to your current webserver configuration and wont take you that much time as for fixing bugs in game.
It's just a suggestion there...

Regards.
Tigerious no ha iniciado sesión   Reply With Quote
Old 03-14-2012, 06:39 PM   #2
Ashnurazg
Initiate
 
Ashnurazg's Avatar
 
Join Date: May 2010
Location: Europe, Germany
Posts: 128
Ashnurazg is on a distinguished road
Default

I'm requesting that NGD change the Password saving method, too. Now passwords seems to be MD5 hashed.
MD5 is outdated and insecure, even when it's "salted".

There are 5 cryptographic hash functions which are secure for the moment:
RIPEMD-128/256
RIPEMD-160/320
SHA-256/224
SHA-512/384
WHIRLPOOL
__________________
One Ring to rule ... Regnum!
Ashnurazg no ha iniciado sesión   Reply With Quote
Old 03-15-2012, 02:34 AM   #3
DemonMonger
Marquis
 
DemonMonger's Avatar
 
Join Date: Mar 2007
Location: Edge of the Abyss
Posts: 2,066
DemonMonger is on a distinguished road
Default

I warned the people and NGD about this when I first looked at these forums years ago.
I told everyone to make a second account just to use on forums.

My main account is banned from forums due to duplicate account rule that came later, but thats ok because this is only for forums (as it should be).

Sometimes we need to let people stumble and make mistakes in life right?

(Off topic)
The game is good, but it would be GREAT if NGD created a new balance team that knew alot about their specific characters in all situation.

(On topic)
Several things can be done to make sure we don't get hacked like gamigo did. If you have any ideas please send them to ngd asap.
DemonMonger no ha iniciado sesión   Reply With Quote
Old 03-15-2012, 08:19 AM   #4
Phrack
Pledge
 
Phrack's Avatar
 
Join Date: Oct 2010
Location: ARPANET
Posts: 10
Phrack is on a distinguished road
Default

Quote:
Originally Posted by Tigerious View Post
Dear NGD,

Forum account password and regnum online characters are the same and it is unsecure. I know that it''s more easy access for common people who just want to play etc etc but the problem is that we send password in clear text via http protocol.
What about give us secure layer access for identification process ? I think it can be easily done and added to your current webserver configuration and wont take you that much time as for fixing bugs in game.
It's just a suggestion there...

Regards.
mehh

Quick search..
__________________
Phrack, Heax, Hexx and (not active or deleted) many more

Phrack no ha iniciado sesión   Reply With Quote
Old 03-15-2012, 10:14 AM   #5
isgandarli
Banned
 
isgandarli's Avatar
 
Join Date: Jan 2011
Posts: 280
isgandarli is on a distinguished road
Default

Quote:
Originally Posted by Phrack View Post
DDOS won't give you anything useful
isgandarli no ha iniciado sesión   Reply With Quote
Old 03-24-2012, 12:58 PM   #6
Anpu
Count
 
Anpu's Avatar
 
Join Date: Jun 2007
Posts: 1,186
Anpu will become famous soon enough
Default

Nice one! It should be present on forums, website and ticket system. It should not be much problem to set it, you only need valid certificate (besides setting apache to handle) afaik. NGD cannot influence much on website / forums / tickets core software security, but they can at least enhance it with https.
__________________

Inquisition
Anpu no ha iniciado sesión   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:31 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
NGD Studios 2002-2024 © All rights reserved