Beta 9 Profile Bug

Posted: Sat Aug 14, 2010 11:49 pm
by madmonk
OK I created a profile and logged in.

Finished playing, logged out and went to the profile screen.

Problems:

What happens if I do not want to create a new profile or log in? I cannot cancel the screen. So I am stuck.

When I do log in I have to enter my password and it shows in plain text; I am not happy about that. I would also like to know what mechanism is used to log in. Is it secured in any way?

Re: Beta 9 Profile Bug

Posted: Sun Aug 15, 2010 1:12 am
by Patryn
Regarding the password in plaintext:
While seeing the pw in plaintext on my screen is uncomfortable, it is not that much of an issue. But the safety issue made me worry too, when I noticed that it's in plaintext in the logfile stdout.txt too... (dunno about the stderr). :?

Re: Beta 9 Profile Bug

Posted: Sun Aug 15, 2010 1:59 am
by Shoob
What also should happen is the "exit" on the profile menu be changed to "Back" or "Main Menu" or something similar.

And yeah, probably either use * or use string.char(8226) (not sure if the latter works for all OS's) to replace each char on screen. That affects it on this end; however, there is still the question of encryption and your end too.

Re: Beta 9 Profile Bug

Posted: Sun Aug 15, 2010 5:38 am
by shani
madmonk wrote: OK I created a profile and logged in.

Finished playing, logged out and went to the profile screen.

Problems:

What happens if I do not want to create a new profile or log in? I cannot cancel the screen. So I am stuck.
You actually don't have to log out each time, just exit the game and next time you play you get logged on automatically.

As for security:
Changing the password on screen to X or * or something else is quite easy, and removing it from stdout.txt is trivial, but the only way I see to secure the password transfer is either to use https (bleh) or use the Diffie-Hellman protocol for exchanging passwords. It's easier for me to help with Diffie-Hellman actually...
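
The on-screen masking and stdout.txt cleanup discussed in this thread, sketched in Lua as an added example (not the game's code and not any poster's); the function names and the `key=value` log format are assumptions. Lua's `string.char` accepts only byte values 0 to 255, so the bullet U+2022 is written here as its three UTF-8 bytes.

```lua
-- Added illustration: names and the key=value log format are assumptions,
-- not the game's actual code.
local BULLET = "\226\128\162" -- U+2022 as UTF-8 bytes

-- Text the password field should draw: one glyph per typed character.
-- Counts UTF-8 characters (non-continuation bytes), not bytes.
local function mask_for_display(password, glyph)
  local _, nchars = password:gsub("[^\128-\191]", "")
  return (glyph or "*"):rep(nchars)
end

-- Keys whose values must never reach the log (assumed names).
local SENSITIVE = { password = true, pass = true, pw = true }

-- Safety net: blank the value of sensitive key=value / key: value pairs.
-- A value containing spaces is only partly covered, so the real fix is
-- to keep the secret out of log calls in the first place.
local function redact(line)
  return (line:gsub("([%w_]+)(%s*[=:]%s*)(%S+)", function(key, sep)
    if SENSITIVE[key:lower()] then
      return key .. sep .. "[REDACTED]"
    end
    -- returning nothing leaves the match unchanged
  end))
end

-- Route all logging through one function so scrubbing cannot be skipped.
local function log(fmt, ...)
  io.stdout:write(redact(fmt:format(...)), "\n")
end

-- Constructed sample input: 6 characters, 7 bytes (contains U+00E9).
local typed = "s3cr\195\169t"
assert(mask_for_display(typed) == "******")
assert(mask_for_display(typed, BULLET) == BULLET:rep(6))
assert(mask_for_display("") == "")
assert(redact("login=madmonk password=" .. typed) == "login=madmonk password=[REDACTED]")
assert(redact("PW: hunter2") == "PW: [REDACTED]")
assert(redact("loading http://example.invalid/x") == "loading http://example.invalid/x")
log("[profile] login=%s password=%s", "madmonk", typed)
```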

Re: Beta 9 Profile Bug

Posted: Sun Aug 15, 2010 5:49 am
by madmonk
I would prefer Diffie-Hellman.

Yes I know it automatically logs in, but I prefer to retain control (me being paranoid and so on) and log in when I want to.

Re: Beta 9 Profile Bug

Posted: Sun Aug 15, 2010 6:19 pm
by darkgod
Paranoid of me? I'm saddened :)

But yes, this is the, let's say, alpha of the profiles; I too want to encrypt things.
HTTPS would work, there is a Lua lib for it but it adds openssl as a requirement which I'm not too happy about. Diffie-Hellman I must admit I do not know much about, but I'm all for it ;)