> I have to agree with you on this jeremy. I was keeping my players > passwords as text and all I got was complaints from my players saying > that if I didn't change it they would not play. > Well, I'm not going to even tell my players -- but I have no choice to keep them in text, as the crypt() here is absolutely brain-dead and I think my players would rather me be able to see their passwords instead of not being able to relogin. I also have a use for passwords and pfiles in text. I can use it to rid of players that have more than 2 players (yea, I allow a person to have two chars) using the same pwd. Sure, it's completely POSSIBLE that two seperate people would be using the same password, but you don't find 4 seperate people using "yggdrasil" (Yes, 8 multis) as their password. Anyway, this is ridiculous. Everyones complaining about crypt() being a security risk... Well, any decent hacker that can get into the shell and use the mudpasswd.c (whatever), modified of course, to change anyones password in the game without knowing it. Not to mention purgeplay. Yes, it's entirely possible that in a text file the same hacker can set up his level, play arond with things, but you can easily change that back and site ban provided it's straight ASCII. What are you going to do in the other case? Purge the entire player file because a person changed a password or used a modified purgeplay to set the delete flag on anyone they want.... REALLY safe there.
This archive was generated by hypermail 2b30 : 12/07/00 PST