OK I created a profile and logged in.
Finished playing, logged out and went to the profile screen.
Problems:
What happens if I do not want to create a new profile or login in? I cannot cancel the screen. So I am stuck.
When I do login I have to enter my password and it shows in plain text, I am not happy about that. I would also like to know what mechanism is used to log in, is it secured in any way?
Beta 9 Profile Bug
Moderator: Moderator
Beta 9 Profile Bug
Regards
Jon.
Jon.
Re: Beta 9 Profile Bug
Regarding the password in plaintext:
While seeing the pw in plaintext on my screen is uncomfortable but not that much of an issue. But the safety issue made me worry too, when I noticed that its in plaintext in the logfile stdout.txt too... (dunno about the stderr).
While seeing the pw in plaintext on my screen is uncomfortable but not that much of an issue. But the safety issue made me worry too, when I noticed that its in plaintext in the logfile stdout.txt too... (dunno about the stderr).
-
Shoob
- Reaper
- Posts: 1535
- Joined: Mon Jan 22, 2007 6:31 pm
- Location: East of the sun, west of the moon
Re: Beta 9 Profile Bug
what also should happen is the "exit" on the profile menu be changed to "Back" or "Main Menu" or something similar.
and yeah probably either use * or use string.char(8226) (not sure if the latter works for all OS's) to replace each char on screen, that affects it on this end, however, there still is the question of encryption and your end too.
and yeah probably either use * or use string.char(8226) (not sure if the latter works for all OS's) to replace each char on screen, that affects it on this end, however, there still is the question of encryption and your end too.
Oliphant am I, and I never lie.
Re: Beta 9 Profile Bug
You actually don't have to log out each time, just exit the game and next time you'll play you get logged on Automatically.madmonk wrote:OK I created a profile and logged in.
Finished playing, logged out and went to the profile screen.
Problems:
What happens if I do not want to create a new profile or login in? I cannot cancel the screen. So I am stuck.
As for security:
Changing the password on screen to X or * or something else is quite easy, and removing it from stdout.txt is trivial, but the only way I see to secure the password transfer is either to use https (bleh) or use the Diffie-Hellman protocol for exchanging passwords. It's easier for me to help with diffie-helman actually...
Last edited by shani on Sun Aug 15, 2010 7:53 am, edited 1 time in total.
Re: Beta 9 Profile Bug
I would prefer Diffie-Helman.
Yes I know it automatically logs in, but I prefer to retain control (me being paranoid and so on) and log in when I want to.
Yes I know it automatically logs in, but I prefer to retain control (me being paranoid and so on) and log in when I want to.
Regards
Jon.
Jon.
Re: Beta 9 Profile Bug
Paranoid of me ? I'm saddened 
But yes this is the lets say alpha of the profiles, I too want to encrypt things.
HTTPS would work,there is a lua lib for it but it adds openssl as a requirement which I'm not too happy about, diffie helman I must admit I do not know much but I'm all for it
But yes this is the lets say alpha of the profiles, I too want to encrypt things.
HTTPS would work,there is a lua lib for it but it adds openssl as a requirement which I'm not too happy about, diffie helman I must admit I do not know much but I'm all for it
[tome] joylove: You can't just release an expansion like one would release a Kraken XD
--
[tome] phantomfrettchen: your ability not to tease anyone is simply stunning
--
[tome] phantomfrettchen: your ability not to tease anyone is simply stunning