The need of encrypting the login on the web

Forum for suggesting changes to Salem.

Re: The need of encrypting the login on the web

Postby Taipion » Sun Feb 11, 2018 12:58 am

I actually always wondered the same.

+1 for why it is that way ^^
Need something? Here is my Shop (Including some useful info for new/returning players at the bottom of the first post)
Taipion
 
Posts: 2659
Joined: Fri Mar 08, 2013 4:12 pm

Re: The need of encrypting the login on the web

Postby Nsuidara » Sun Feb 11, 2018 12:58 am

Freedoom wrote:It is needed (with some urgency) to add an encryptation to the loging in the loging page. Why? Because if anybody log into the game using a public network could lose his or her account. Why? Because the login should be in a https page, so now the information of user and pass is travelling across the network without encrypting and that means anybody can sniff that information and steal it.

You have 100% right...
but but do not demand this from this devs :P (can't say why)
because i'm not wanna be salty and got BAN :P
\(*o*)\ Praying in the Marp Church may reduce the time for update /(*o*)/
User avatar
Nsuidara
Customer
 
Posts: 1995
Joined: Fri Aug 17, 2012 11:50 pm
Location: Poland

Re: The need of encrypting the login on the web

Postby grimkid » Mon Feb 12, 2018 1:10 pm

Freedoom wrote:All that is cool, but imagine the case when a person is usen the same pass for different things, like: Salem, hotmail, Gmail, etc. and then if he/she lost 1 login also is losing other things more importants. It is only an example, but I see You have a great understanding of the concept security, anyway, what matters? Only It would be a little bug in something which you are offering to the public and can ***** her life. Nothing important. And me worried because I thought a good computer technician or a software developer or etc. have to offer always a product free of bugs and overall: safe. That is the minimum. But it is ok, don't fix nothing :). Anyway, to the normal people: better don't connect to the forum page in public or shared networks...


That's called social engineering on personal security ignorance:D. It's a thing where people say "i have nothing to hide" and don't really care about common sense security measures, and use same password for everything. If you use this kind of aittude regarding you own personal security , you must be an awesome target for the raiders as well in-game.

since this game is about paranoia and trust issues, and how to be cautious (not all the time but heh) , most of salem community i imagine have the same atitude regarding personal accounts and all that.

Just like you teach you grandparents not to click on ads that will lead them to porn, you teach yoruself to properly secure your personal accounts with proper passwords.

tldr: -1000 on this one. The system went well so far, the devs are doing great at what they do, no need to use their time on petty things like this one.
grimkid
 
Posts: 195
Joined: Sun Jan 24, 2016 3:01 am

Re: The need of encrypting the login on the web

Postby Freedoom » Wed Feb 14, 2018 1:48 pm

Dallane wrote:
Freedoom wrote:All that is cool, but imagine the case when a person is usen the same pass for different things, like: Salem, hotmail, Gmail, etc. and then if he/she lost 1 login also is losing other things more importants. It is only an example, but I see You have a great understanding of the concept security, anyway, what matters? Only It would be a little bug in something which you are offering to the public and can ***** her life. Nothing important. And me worried because I thought a good computer technician or a software developer or etc. have to offer always a product free of bugs and overall: safe. That is the minimum. But it is ok, don't fix nothing :). Anyway, to the normal people: better don't connect to the forum page in public of shared networks...


I do want to clarify that I do agree that the page should be in https. As with all things security related there might be a reason it's not implemented. I just checked haven and hearth and it is in the same situation. Loftar more than likely has a good reason why it's not on there or here. Have you checked the client log in?


I think all this is because a forgotten change in the forum's loging page, only that, in my opinion.

I can try to check the client loging if You want, but I will spend a time for seeing it.
Freedoom
 
Posts: 72
Joined: Wed Sep 27, 2017 6:31 am

Re: The need of encrypting the login on the web

Postby Freedoom » Wed Feb 14, 2018 1:55 pm

grimkid wrote:
Freedoom wrote:All that is cool, but imagine the case when a person is usen the same pass for different things, like: Salem, hotmail, Gmail, etc. and then if he/she lost 1 login also is losing other things more importants. It is only an example, but I see You have a great understanding of the concept security, anyway, what matters? Only It would be a little bug in something which you are offering to the public and can ***** her life. Nothing important. And me worried because I thought a good computer technician or a software developer or etc. have to offer always a product free of bugs and overall: safe. That is the minimum. But it is ok, don't fix nothing :). Anyway, to the normal people: better don't connect to the forum page in public or shared networks...


That's called social engineering on personal security ignorance:D. It's a thing where people say "i have nothing to hide" and don't really care about common sense security measures, and use same password for everything. If you use this kind of aittude regarding you own personal security , you must be an awesome target for the raiders as well in-game.

since this game is about paranoia and trust issues, and how to be cautious (not all the time but heh) , most of salem community i imagine have the same atitude regarding personal accounts and all that.

Just like you teach you grandparents not to click on ads that will lead them to porn, you teach yoruself to properly secure your personal accounts with proper passwords.

tldr: -1000 on this one. The system went well so far, the devs are doing great at what they do, no need to use their time on petty things like this one.


I am agree about the first person who has to be careful is the user, but You have to understand that when someone is offering a software product has also part of the responsability of offering* a safe product. Then, both groups (users and developers) have to do their works.

Can you imagine to somebody of Windows saying what You are saying in the moment when a bug has appeared in his/her software?.

-------
Nsuidara wrote:
Freedoom wrote:It is needed (with some urgency) to add an encryptation to the loging in the loging page. Why? Because if anybody log into the game using a public network could lose his or her account. Why? Because the login should be in a https page, so now the information of user and pass is travelling across the network without encrypting and that means anybody can sniff that information and steal it.

You have 100% right...
but but do not demand this from this devs :P (can't say why)
because i'm not wanna be salty and got BAN :P


I try not to demand, but to suggest, although I have a personal problem for diplomacy, but I do not have bad intentions.
Freedoom
 
Posts: 72
Joined: Wed Sep 27, 2017 6:31 am

Re: The need of encrypting the login on the web

Postby grimkid » Wed Feb 14, 2018 2:10 pm

the client is open-source. If you haven't been born today, you know that is prone to problems, and you take precautions.
grimkid
 
Posts: 195
Joined: Sun Jan 24, 2016 3:01 am

Re: The need of encrypting the login on the web

Postby Freedoom » Thu Feb 15, 2018 4:10 pm

It has not sense if a lady of 50 years had to know how to fix the security of her network, before that, a sowftware provider should have to offer a 100% safe software product. Not all people knows about computers.

Anyway, is an added problem that the logging in forum is the same that game logging. If you lose your forum account, you loose your game account. And It is not has to be in the same network at the begginning, a hacker only would need to begin the process getting into a pc with netwoork close to the yours, scanning wifi networks, finding your network in the radius and checking your router confuguration :). It is a way, but there are more.
Freedoom
 
Posts: 72
Joined: Wed Sep 27, 2017 6:31 am

Re: The need of encrypting the login on the web

Postby Dallane » Thu Feb 15, 2018 5:05 pm

Freedoom wrote: a sowftware provider should have to offer a 100% safe software product.


They should but a vast majority don't provide much. Developers aren't trained in security they are trained to engineer software. Same with tech support people. Outside of resetting passwords and making tickets security isn't your top priority. On my job I had to learn that outside of STIG no one gives a *****.

It's impossible to provide a 100% safe software product. If someone wants in or to break it then they will find a way.

Freedoom wrote:Not all people knows about computers.


A recent study showed that about only 5% of us know anything about computers and how to use them.

Freedoom wrote:Anyway, is an added problem that the logging in forum is the same that game logging. If you lose your forum account, you loose your game account. And It is not has to be in the same network at the begginning, a hacker only would need to begin the process getting into a pc with netwoork close to the yours, scanning wifi networks, finding your network in the radius and checking your router confuguration :). It is a way, but there are more.


I'm not sure if your english is bad or you have been watching too much Mr. Robot but like I said before no one is looking to hi jack your salem account. I don't think your account page here has any sort of information that could lead someone down the road to finding your email or other login type information. That is unless you are using freedoom as your normal log in for most things.
Please click this link for a better salem forum experience

TotalyMeow wrote: Claeyt's perspective of Salem and what it's about is very different from the devs and in many cases is completely the opposite of what we believe.
User avatar
Dallane
Moderator
 
Posts: 15195
Joined: Wed Aug 01, 2012 2:00 pm

Re: The need of encrypting the login on the web

Postby Faultierstein » Fri Mar 30, 2018 4:08 pm

this made me laugh a little tbh, dont be dumb enough to use your password for your email simple as that, although with the omnibus bill being signed it doesn't much give a crap since foreign police as well as our own can hack into anyone's account including email and facebook without having to worry about law
Faultierstein
 
Posts: 114
Joined: Mon Jan 25, 2016 1:05 am

Re: The need of encrypting the login on the web

Postby Nsuidara » Fri Mar 30, 2018 8:12 pm

@Dallane, what dumb arguments.... even my https://salem.nsuidara.eu/equipment/ have https...

Devs don't give https because only lanzy and propably "hosting" is totaly old...
- lack of experience and knowledge - but isn't hard knowledge... but lanzy...


only pity words....
\(*o*)\ Praying in the Marp Church may reduce the time for update /(*o*)/
User avatar
Nsuidara
Customer
 
Posts: 1995
Joined: Fri Aug 17, 2012 11:50 pm
Location: Poland

PreviousNext

Return to Ideas & Innovations

Who is online

Users browsing this forum: No registered users and 4 guests

cron