|
|
General discussion Topics related to various aspects of Champions of Regnum |
View Poll Results: Would you like to have the secure access for identification ? | |||
Yes it would be better and safer. | 16 | 72.73% | |
No it's useless/uneeded. | 3 | 13.64% | |
I don't know what is the secure layer or I just don't care ! | 3 | 13.64% | |
Voters: 22. You may not vote on this poll |
|
Thread Tools | Display Modes |
|
03-13-2012, 06:28 PM | #1 |
Banned
Join Date: Nov 2008
Location: France
Posts: 496
|
Unsecure forum account password - Requesting HTTPS access
Dear NGD,
Forum account password and regnum online characters are the same and it is unsecure. I know that it''s more easy access for common people who just want to play etc etc but the problem is that we send password in clear text via http protocol. What about give us secure layer access for identification process ? I think it can be easily done and added to your current webserver configuration and wont take you that much time as for fixing bugs in game. It's just a suggestion there... Regards. |
03-14-2012, 06:39 PM | #2 |
Initiate
Join Date: May 2010
Location: Europe, Germany
Posts: 128
|
I'm requesting that NGD change the Password saving method, too. Now passwords seems to be MD5 hashed.
MD5 is outdated and insecure, even when it's "salted". There are 5 cryptographic hash functions which are secure for the moment: RIPEMD-128/256 RIPEMD-160/320 SHA-256/224 SHA-512/384 WHIRLPOOL
__________________
One Ring to rule ... Regnum!
|
03-15-2012, 02:34 AM | #3 |
Marquis
Join Date: Mar 2007
Location: Edge of the Abyss
Posts: 2,066
|
I warned the people and NGD about this when I first looked at these forums years ago.
I told everyone to make a second account just to use on forums. My main account is banned from forums due to duplicate account rule that came later, but thats ok because this is only for forums (as it should be). Sometimes we need to let people stumble and make mistakes in life right? (Off topic) The game is good, but it would be GREAT if NGD created a new balance team that knew alot about their specific characters in all situation. (On topic) Several things can be done to make sure we don't get hacked like gamigo did. If you have any ideas please send them to ngd asap. |
03-15-2012, 08:19 AM | #4 | |
Pledge
Join Date: Oct 2010
Location: ARPANET
Posts: 10
|
Quote:
Quick search..
__________________
Phrack, Heax, Hexx and (not active or deleted) many more |
|
03-15-2012, 10:14 AM | #5 | |
Banned
Join Date: Jan 2011
Posts: 280
|
Quote:
|
|
03-24-2012, 12:58 PM | #6 |
Count
Join Date: Jun 2007
Posts: 1,186
|
Nice one! It should be present on forums, website and ticket system. It should not be much problem to set it, you only need valid certificate (besides setting apache to handle) afaik. NGD cannot influence much on website / forums / tickets core software security, but they can at least enhance it with https.
__________________
Inquisition |
Thread Tools | |
Display Modes | |
|
|