Username:    Password:    Remember Me?         

Reverie World Studios Forums - View Single Post - Message for Dev. Team
View Single Post
  #5  
Old 01-28-2014, 11:08 AM
Myso Myso is offline
Junior Member
 
Join Date: Jan 2014
Posts: 1
Myso has a default reputation
Default

This issue is always my first port of call with any new account creation.

The clear fact that you are storing all passwords as plain text makes you the first port of call to ANY level of hacker as password scraping is a VERY sought after type of information gathering, you don't just open the door to your own site but expose unwary users to security issues on other sites using the same information they use here, because not everyone uses different credentials elsewhere.
So you owe it to your customers to protect their information above all else! regardless of how small it may be.

All that needs to be done is to MD5/SHA1 the password with a Salt to prevent easy reading and have anyone really wanting this info to waste a LOT of CPU time, and if the user forgets their password just create a random array of password characters for them to login, so they can change it. It's more than simple & I really shouldn't have to suggest this in the first place!

Don't be so naive in thinking it won't happen to you! You have exposure on Steam and how many Steam users are involved in hacking? If you can't implement this simple security then what's to say your game coding doesn't have the potential to expose this data?

Maybe just think of the bad press and loss of business when all your users find their passwords were stolen due to the most simple of security fixes?

I just hope that when it happens you get forewarned of the data being disclosed & they give you time to fix it.
Reply With Quote