Register for your free account! | Forgot your password?

You last visited: Today at 03:27

  • Please register to post and access all features, it's quick, easy and FREE!


[EU] Emerald Conquer!

Discussion on [EU] Emerald Conquer! within the CO2 PServer Archive forum part of the CO2 PServer Advertising category.

Closed Thread
 
Old 12/02/2018, 20:21   #16
 
elite*gold: 66
Join Date: Feb 2008
Posts: 916
Received Thanks: 483
I can't really understand why there is such a huge discussion about saving passwords.. I mean we got brains or not? Everybody should know that likely every private server is saving them, which means you should be smart enough to use different ids, pws and emails for private servers as you use them for your email, paypal, steam whatever..



_MaryJuana is offline  
Old 12/02/2018, 21:00   #17
 
elite*gold: 0
Join Date: Nov 2010
Posts: 9
Received Thanks: 0
This server is just a trash, he proved it today. The GM abused his powers and gave his friend items, super gems, made him sockets, just to win the GW. Also he joined his GM account to his friend guild to win the pole with full +12 2soc -7 255 hp sdg sdg gear, while every normal player has super +3/4 1soc items. RIP This server !


TrapNZap is offline  
Old 12/03/2018, 14:20   #18
 
elite*gold: 0
Join Date: Aug 2016
Posts: 91
Received Thanks: 8
Quote:
Originally Posted by _MaryJuana View Post
I can't really understand why there is such a huge discussion about saving passwords.. I mean we got brains or not? Everybody should know that likely every private server is saving them, which means you should be smart enough to use different ids, pws and emails for private servers as you use them for your email, paypal, steam whatever..
That what I said.

Quote:
Originally Posted by TrapNZap View Post
This server is just a trash, he proved it today. The GM abused his powers and gave his friend items, super gems, made him sockets, just to win the GW. Also he joined his GM account to his friend guild to win the pole with full +12 2soc -7 255 hp sdg sdg gear, while every normal player has super +3/4 1soc items. RIP This server !
New accusation, I know very well that success is difficult
- D is offline  
Old 12/03/2018, 17:26   #19
 
elite*gold: 12
Join Date: Jul 2011
Posts: 7,263
Received Thanks: 3,523
Quote:
Originally Posted by _MaryJuana View Post
I can't really understand why there is such a huge discussion about saving passwords.. I mean we got brains or not? Everybody should know that likely every private server is saving them, which means you should be smart enough to use different ids, pws and emails for private servers as you use them for your email, paypal, steam whatever..
You can only hope that a player is responsible with their data. You cannot expect it, there are lots of people who don't understand computers or account security best practices. End of the day: there's no reason this server should be storing passwords in plain text. My server doesn't do that, it uses a salted SHA-256 hash. Epoch, ConquerGods, Shannara, Play Conquer, Primal, etc all store passwords as hashes. It's not difficult to do, and it guarantees at least some level of player account security.


Spirited is offline  
Thanks
1 User
Old 12/03/2018, 20:37   #20
 
elite*gold: 0
Join Date: Jan 2008
Posts: 1,397
Received Thanks: 1,068
Quote:
Originally Posted by _MaryJuana View Post
I can't really understand why there is such a huge discussion about saving passwords.. I mean we got brains or not? Everybody should know that likely every private server is saving them, which means you should be smart enough to use different ids, pws and emails for private servers as you use them for your email, paypal, steam whatever..
There is no reason to save the password encrypted or in plaintext. Any decent server should know that. First, why would I trust the owner that have potentially my email and a password to not try to login to other services (passwords are rarely totally unique)? And how can I trust the hosting machine to never be hacked?

I would even go further and say that you shouldn't store a plain hash of the password as it is still vulnerable to rainbow tables. Last account server I developed, passwords were hashed, salted and derived like 10'000 times with PBKDF2. It takes less than 10 lines in C# to do that.
CptSky is offline  
Thanks
2 Users
Old 12/03/2018, 22:12   #21
 
elite*gold: 0
Join Date: Aug 2016
Posts: 91
Received Thanks: 8
Quote:
Originally Posted by CptSky View Post
There is no reason to save the password encrypted or in plaintext. Any decent server should know that. First, why would I trust the owner that have potentially my email and a password to not try to login to other services (passwords are rarely totally unique)? And how can I trust the hosting machine to never be hacked?

I would even go further and say that you shouldn't store a plain hash of the password as it is still vulnerable to rainbow tables. Last account server I developed, passwords were hashed, salted and derived like 10'000 times with PBKDF2. It takes less than 10 lines in C# to do that.
For make sure @ SHA256('".$password."')

- D is offline  
Old 12/10/2018, 02:31   #22
 
elite*gold: 0
Join Date: Feb 2018
Posts: 8
Received Thanks: 1
I can vouch. Good server. Takes a day or two to get in fighting shape - but doesn't require playing 8 hours a day to get somewhere. Owner is active and does his best to keep things sorted and regularly updates.
swildwest is offline  
Old 12/11/2018, 04:05   #23
 
elite*gold: 0
Join Date: Aug 2016
Posts: 91
Received Thanks: 8
NEW UPDATE!

New welcome message added
Lord Token icon changed
Ethereal Ticket icon changed
You can not use Hercules skill on Fast Blade and Scent Sword event anymore!
You can not use Thunder skill on Fast Blade and Scent Sword event anymore!
Notifications with Effect add to +stone and DragonBall
Meteor Doves character stuck has been solved
Boss drop rates has been changed
+3Stone added, Dbs increased and Moneybags
Hercules skill attack has been reduced and the range of the skill reduced also
Pole Domination HP changed
MB quest tokens rates changed
You can go the Death Tactic from first npc!
Flower Gem quest added
You can collect 5 Flowers by killing mobs in this quest to get random Super Gem!
Adventure Land quest added
You can collect 5 Magic Beans by killing mobs in this quest to get random rewards. (mets/dbs included).
Soc rates increased
Lava Lord added to the heaven (Hourly xx:51)
You may get +4 Stone or anything else.
Back Sword proficiency added to Proficiency ***
Lotto rewards increased






- D is offline  
Old 12/11/2018, 18:01   #24
 
elite*gold: 0
Join Date: Oct 2007
Posts: 1,543
Received Thanks: 608
Quote:
Originally Posted by - D View Post
For make sure @ SHA256('".$password."')

Really? Of all the hashing methods you chose one of the weaker ones...

SHA256? You are using MD5 by the screenshot.

Also, have a look at prepared statements.
turk55 is offline  
Old 12/11/2018, 22:10   #25
 
elite*gold: 0
Join Date: Aug 2016
Posts: 91
Received Thanks: 8
Quote:
Originally Posted by turk55 View Post
Really? Of all the hashing methods you chose one of the weaker ones...

SHA256? You are using MD5 by the screenshot.

Also, have a look at prepared statements.
I don't like you and i don't like to talk with you. bff
- D is offline  
Old 12/12/2018, 03:05   #26
 
elite*gold: 12
Join Date: Jul 2011
Posts: 7,263
Received Thanks: 3,523
Quote:
Originally Posted by - D View Post
I don't like you and i don't like to talk with you. bff
He's right... but at least it's better than plain text...

Edit: Nevermind. This is a complete lie and you're still storing passwords in plain text. Come on, dude.

Spirited is offline  
Old 12/12/2018, 14:13   #27
 
elite*gold: 0
Join Date: Aug 2016
Posts: 91
Received Thanks: 8
Quote:
Originally Posted by Spirited View Post
He's right... but at least it's better than plain text...

Edit: Nevermind. This is a complete lie and you're still storing passwords in plain text. Come on, dude.

Lol
- D is offline  
Old 12/12/2018, 18:04   #28
 
elite*gold: 0
Join Date: Oct 2007
Posts: 1,543
Received Thanks: 608
Quote:
Originally Posted by - D View Post
I don't like you and i don't like to talk with you. bff
I don't care if you like me or not, I don't exactly like you either. Your response already shows your professionalism.
turk55 is offline  
Old 12/22/2018, 19:56   #29
 
elite*gold: 0
Join Date: Aug 2016
Posts: 91
Received Thanks: 8
Christmas Event! Dec 21, 2018 - Jun 1, 2019.


[1033] Patch Notes!
- D is offline  
Old 01/11/2019, 02:19   #30
 
elite*gold: 0
Join Date: Jan 2019
Posts: 1
Received Thanks: 0
i've only registered a new account to tell you that you shouldn't be stubborn when someone more experienced try to give you an advice, even when it's ill mannered or not phrased in the most kind way, nevertheless, they're absolutely right
in the screenshot, you're clearly using md5, go ahead and look up those hashs, ex. the second one, "68b74872368d6742ecb24537351de526" that's "letmego123"

with bad security awareness, your best bet is best practices, you're currently using PHP/5.2.6, are you aware how many exploits there is to compromise the users table on your precious db? check for yourself (not talking about anything advanced, a skid can get that done)


if there is anything i learned being on this form for years, it's that it's always better to go learn and study instead of arguing; also it's okay not to know about something, but it's never okay to push people away when they try to help/criticize you, you're on epvp, not defending your phd .

edit: to make this more helpful, you can simply generate new random password, hash it and send it to the user email, all it takes is literally 2 google searches.
generate random password:
send email in php:

i swear, i've junior developers at my company who only use snippets from stack over flow and get paid for it :')


zbl91422 is offline  
Closed Thread



« Zenith Conquer | Releasing Flare Conquer (Co version 6695) [Released 16th July 2018] »

Similar Threads
S>> Conquer Accounts Centaur And Emerald Server
08/05/2008 - Conquer Online 2 - 1 Replies
hey im selling 3 Conquer accounts 2 on Emerald and 1 on centaur i know this is the wrong section but i dont know where the good section is srry. ALL ACCOUNTS HAVE FULL INFO! *** Lvl 121-76 Archer-Trojan *** Level: 76 Reborn: 1 Reborned In Level: 121 Class: Trojan Class Before Reborn: Archer



All times are GMT +2. The time now is 03:27.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

BTC: 3KeUpz52VCbhmLwuwydqxu6U1xsgbT8YT5
ETH: 0xc6ec801B7563A4376751F33b0573308aDa611E05

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2019 elitepvpers All Rights Reserved.