[EU] Emerald Conquer!

[_MaryJuana]

I can't really understand why there is such a huge discussion about saving passwords.. I mean we got brains or not? Everybody should know that likely every private server is saving them, which means you should be smart enough to use different ids, pws and emails for private servers as you use them for your email, paypal, steam whatever..

[TrapNZap]

This server is just a trash, he proved it today. The GM abused his powers and gave his friend items, super gems, made him sockets, just to win the GW. Also he joined his GM account to his friend guild to win the pole with full +12 2soc -7 255 hp sdg sdg gear, while every normal player has super +3/4 1soc items. RIP This server !

[- D]

Quote:

Originally Posted by _MaryJuana

I can't really understand why there is such a huge discussion about saving passwords.. I mean we got brains or not? Everybody should know that likely every private server is saving them, which means you should be smart enough to use different ids, pws and emails for private servers as you use them for your email, paypal, steam whatever..

That what I said.

Quote:

Originally Posted by TrapNZap

This server is just a trash, he proved it today. The GM abused his powers and gave his friend items, super gems, made him sockets, just to win the GW. Also he joined his GM account to his friend guild to win the pole with full +12 2soc -7 255 hp sdg sdg gear, while every normal player has super +3/4 1soc items. RIP This server !

New accusation, I know very well that success is difficult

[Spirited]

Quote:

Originally Posted by _MaryJuana

I can't really understand why there is such a huge discussion about saving passwords.. I mean we got brains or not? Everybody should know that likely every private server is saving them, which means you should be smart enough to use different ids, pws and emails for private servers as you use them for your email, paypal, steam whatever..

You can only hope that a player is responsible with their data. You cannot expect it, there are lots of people who don't understand computers or account security best practices. End of the day: there's no reason this server should be storing passwords in plain text. My server doesn't do that, it uses a salted SHA-256 hash. Epoch, ConquerGods, Shannara, Play Conquer, Primal, etc all store passwords as hashes. It's not difficult to do, and it guarantees at least some level of player account security.

[CptSky]

Quote:

Originally Posted by _MaryJuana

I can't really understand why there is such a huge discussion about saving passwords.. I mean we got brains or not? Everybody should know that likely every private server is saving them, which means you should be smart enough to use different ids, pws and emails for private servers as you use them for your email, paypal, steam whatever..

There is no reason to save the password encrypted or in plaintext. Any decent server should know that. First, why would I trust the owner that have potentially my email and a password to not try to login to other services (passwords are rarely totally unique)? And how can I trust the hosting machine to never be hacked?

I would even go further and say that you shouldn't store a plain hash of the password as it is still vulnerable to rainbow tables. Last account server I developed, passwords were hashed, salted and derived like 10'000 times with PBKDF2. It takes less than 10 lines in C# to do that.

[- D]

Quote:

Originally Posted by CptSky

There is no reason to save the password encrypted or in plaintext. Any decent server should know that. First, why would I trust the owner that have potentially my email and a password to not try to login to other services (passwords are rarely totally unique)? And how can I trust the hosting machine to never be hacked?

I would even go further and say that you shouldn't store a plain hash of the password as it is still vulnerable to rainbow tables. Last account server I developed, passwords were hashed, salted and derived like 10'000 times with PBKDF2. It takes less than 10 lines in C# to do that.

For make sure @ SHA256('".$password."')

[swildwest]

I can vouch. Good server. Takes a day or two to get in fighting shape - but doesn't require playing 8 hours a day to get somewhere. Owner is active and does his best to keep things sorted and regularly updates.

[- D]

NEW UPDATE!

New welcome message added
Lord Token icon changed
Ethereal Ticket icon changed
You can not use Hercules skill on Fast Blade and Scent Sword event anymore!
You can not use Thunder skill on Fast Blade and Scent Sword event anymore!
Notifications with Effect add to +stone and DragonBall
Meteor Doves character stuck has been solved
Boss drop rates has been changed
+3Stone added, Dbs increased and Moneybags
Hercules skill attack has been reduced and the range of the skill reduced also
Pole Domination HP changed
MB quest tokens rates changed
You can go the Death Tactic from first npc!
Flower Gem quest added
You can collect 5 Flowers by killing mobs in this quest to get random Super Gem!
Adventure Land quest added
You can collect 5 Magic Beans by killing mobs in this quest to get random rewards. (mets/dbs included).
Soc rates increased
Lava Lord added to the heaven (Hourly xx:51)
You may get +4 Stone or anything else.
Back Sword proficiency added to Proficiency ***
Lotto rewards increased

[turk55]

Quote:

Originally Posted by - D

For make sure @ SHA256('".$password."')

Really? Of all the hashing methods you chose one of the weaker ones...

SHA256? You are using MD5 by the screenshot.

Also, have a look at prepared statements.

[- D]

Quote:

Originally Posted by turk55

Really? Of all the hashing methods you chose one of the weaker ones...

SHA256? You are using MD5 by the screenshot.

Also, have a look at prepared statements.

I don't like you and i don't like to talk with you. bff

[Spirited]

Quote:

Originally Posted by - D

I don't like you and i don't like to talk with you. bff

He's right... but at least it's better than plain text...

Edit: Nevermind. This is a complete lie and you're still storing passwords in plain text. Come on, dude.

[- D]

Quote:

Originally Posted by Spirited

He's right... but at least it's better than plain text...

Edit: Nevermind. This is a complete lie and you're still storing passwords in plain text. Come on, dude.

Lol

[turk55]

Quote:

Originally Posted by - D

I don't like you and i don't like to talk with you. bff

I don't care if you like me or not, I don't exactly like you either. Your response already shows your professionalism.

[- D]

Christmas Event! Dec 21, 2018 - Jun 1, 2019.


[1033] Patch Notes!

[zbl91422]

i've only registered a new account to tell you that you shouldn't be stubborn when someone more experienced try to give you an advice, even when it's ill mannered or not phrased in the most kind way, nevertheless, they're absolutely right
in the screenshot, you're clearly using md5, go ahead and look up those hashs, ex. the second one, "68b74872368d6742ecb24537351de526" that's "letmego123"

with bad security awareness, your best bet is best practices, you're currently using PHP/5.2.6, are you aware how many exploits there is to compromise the users table on your precious db? check for yourself (not talking about anything advanced, a skid can get that done)


if there is anything i learned being on this form for years, it's that it's always better to go learn and study instead of arguing; also it's okay not to know about something, but it's never okay to push people away when they try to help/criticize you, you're on epvp, not defending your phd .

edit: to make this more helpful, you can simply generate new random password, hash it and send it to the user email, all it takes is literally 2 google searches.
generate random password:
send email in php:

i swear, i've junior developers at my company who only use snippets from stack over flow and get paid for it :')