When the game goes live, will https / ssl...

be implemented? On Vindictus, people had to make alternate accounts just to chat in the forums since Nexon hasn't switched to https. About a month ago, several people got hacked. It was at that point that other people mentioned they logged in with the client in the Nexon folder. Usually, people logged in through the site first to access the client.


If needed, I can find a thread that was posted on that forum a while back that went into detail how easily it can be done with programs that don't require the person to be a hacker. I'm in network security, and it's sad to see so many f2p games that don't encrypt their site to protect their gamers.

edit:

found the thread that goes into greater detail:
http://forum.nexon.net/PopTag/forums/1/7438134/ShowThread.aspx
Running isn't freedom. You should know that.
ighnaz - Thanks for the beta key!!!!
I HAVE NO MORE BETA KEYS!!
Last edited by Soroban on Aug 24, 2011, 12:25:56 AM
Definitely important for LAN parties and playing where others have access to your router.
If you have account problems please Email Support (http://www.pathofexile.com/support)
sounds like nexon's logins were sending unencrypted plain-text. looking at the poe login script, i don't think our passwords are being sent via plaintext, only a hash. but i have no idea how possible it would be to intercept someone's hash and use it to login as them. and i could be wrong anyway :)
Last edited by feetonfire on Aug 24, 2011, 12:06:57 AM
feetonfire wrote:
"sounds like nexon's logins were sending unencrypted plain-text. looking at the poe login script, i don't think our passwords are being sent via plaintext, only a hash. but i have no idea how possible it would be to intercept someone's hash and use it to login as them. and i could be wrong anyway :)"


yeah, they are. and the majority have no idea it's out in the open. and i updated the OP with the link that goes into more detail. he wrote it better than I could have. there's nothing worse than putting time and effort into a game only to have someone else come and take your stuff. here's to security.
Running isn't freedom. You should know that.
ighnaz - Thanks for the beta key!!!!
I HAVE NO MORE BETA KEYS!!
but as i said i don't think our logins are being sent as plaintext, which means it's not the same as what nexon did/does. but i could be wrong, maybe someone who knows more could comment.
Last edited by feetonfire on Aug 24, 2011, 12:35:07 AM
You talking about the client or the website? Sniff your website packets and see if it's doing pt.
If you have account problems please Email Support (http://www.pathofexile.com/support)
just the website (no beta!). i stepped through the login in chrome and it is hashing my password at least
Last edited by feetonfire on Aug 24, 2011, 12:46:39 AM
Can confirm (using the Tamper Data plugin in Firefox) that the password is being hashed before it is POSTed. I'm far from an expert on security but I'd have thought that simply hashing the password would be less secure than SSL.

In any case, SSL is easy, cheap, and eases the minds of people that are logging in. But, personally, I don't really care. I use a different password for everything anyway. Worst that can happen is someone hacks my account here and starts trolling. =)
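An added example, not code from this thread or from the Path of Exile site, for the question raised above about whether a hash seen on the wire could be reused: it compares a server that accepts a fixed client-side hash with one that issues a single-use nonce. The SHA-256 scheme, the class and function names and the sample password are assumptions; the thread does not show the site's actual login scheme.

```python
import hashlib
import hmac
import secrets

PASSWORD = "correct horse"  # constructed sample credential

def client_hash(password):
    """What a login script that 'only sends a hash' puts on the wire (assumed SHA-256)."""
    return hashlib.sha256(password.encode()).hexdigest()

def respond(secret_hash, nonce):
    """Client answer to a server challenge: HMAC keyed with the password hash."""
    return hmac.new(secret_hash.encode(), nonce.encode(), hashlib.sha256).hexdigest()

class StaticHashServer:
    """Compares the submitted hash with the stored one: the hash is the credential."""
    def __init__(self, password):
        self.stored = client_hash(password)

    def login(self, submitted):
        return hmac.compare_digest(self.stored, submitted)

class ChallengeServer:
    """Issues a single-use nonce and expects HMAC(hash, nonce) back."""
    def __init__(self, password):
        self.stored = client_hash(password)
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce, response):
        if nonce not in self.pending:
            return False                      # unknown or already used nonce
        self.pending.discard(nonce)
        return hmac.compare_digest(respond(self.stored, nonce), response)

def replay_results():
    """Return (static replay accepted, first challenge login, challenge replay accepted)."""
    on_wire = client_hash(PASSWORD)           # value visible on an unencrypted link
    static_ok = StaticHashServer(PASSWORD).login(on_wire)
    server = ChallengeServer(PASSWORD)
    nonce = server.challenge()
    answer = respond(client_hash(PASSWORD), nonce)
    first = server.login(nonce, answer)       # legitimate login
    again = server.login(nonce, answer) or server.login(server.challenge(), answer)
    return static_ok, first, again
```

With a fixed hash the submitted value works as the password itself, so hashing alone only keeps the original password text off the wire. The nonce variant rejects a repeated response, but without TLS the login script and the session that follows the login still travel unprotected.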
