Page 1 of 1

TMForever storing passwords in clear text

Posted: 12 Sep 2018 18:30
by knox
Hey there,

I just got to know that you are storing the users' passwords in clear text in your database.
Why so? Please consider hashing our passwords! These are fundamental private information. I do not doubt your security or your honesty, but no system is safe. And I do not want any hackers or one of your employees to look at my password - it should not even be possible! I am an IT specialist and password hashing is state of the art... storing clear text passwords is outdated for years...

kind regards

Re: TMForever storing passwords in clear text

Posted: 13 Sep 2018 16:08
by Xymph
An long-standing problem in an old game which hasn't received updates for years, so this won't be fixed.

Re: TMForever storing passwords in clear text

Posted: 13 Sep 2018 16:49
by knox
to be honest I cannot understand that... this is a small amount of lines of code which have to be changed... 3 days maximum...
You want to tell me you are too lazy for this small effort? And by the way you are the only one to blame for this workload... better think before you code the next time...

But if you can live with the problem of high risk for the users and do not want to make some code changes... at least make an anouncement ingame about this problem - if you are the one to decide that the users passwords are not worth the effort of protecting them, give them the chance to decide whether they are okay with it!

Re: TMForever storing passwords in clear text

Posted: 13 Sep 2018 18:57
by Xymph
knox wrote:
13 Sep 2018 16:49
to be honest I cannot understand that... this is a small amount of lines of code which have to be changed... 3 days maximum...
You want to tell me you are too lazy for this small effort? And by the way you are the only one to blame for this workload... better think before you code the next time...

But if you can live with the problem of high risk for the users and do not want to make some code changes... at least make an anouncement ingame about this problem - if you are the one to decide that the users passwords are not worth the effort of protecting them, give them the chance to decide whether they are okay with it!
If your use of "you" refers to Nadeo, you may have a point but are apparently unfamiliar with how they changed focus to their newer ManiaPlanet platform, and abandoned (almost all) work on the old games. Only master server issues are still monitored for and resolved.

If your use of "you" refers to me, you're mistaken, as I didn't code any part of the client or server or user administration, and don't work for Nadeo. ;)