• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Disable password encryption

Sategat

Sategat

New Member
Joined
May 25, 2009
Messages
113
Reaction score
0
Hello guys, how may I disable the password encryption on Modern AAC?


Thanks
 
You will have to find this in the core. Maybe it is on accounts_controller. But i don't know CodeIgniter, so, they may use a native component for hash encryptions.
 
Ok, that was NOT sarcasm.

But it would still be more useful if you could disable the encryption.
 
No,

because encryption avoids servers to get accounts stoled (in case of database access). And of course, it is more professional to a server to be transparent, by not storing plain passwords.
 
Why must it be dictated though? If the host is too stupid to not protect their database then so be it.

We learn from our mistakes and get over it. Oh well not a huge issue for me atleast.
 
We don't like the idea to store plain passwords. For security reasons.

We won't allow md5 or plain.

Use sha1.
 
if someone will get access to db I'm pretty sure that in 99% of cases he will be able to modify data also, so he will just change pass if he wants some char access so it really doesnt matter
Just playesr can feel more safe if admin cannot read their passwords
 
Well, we will add support for sha256/sha512 soon enough. We also might support for the 0.4 cores salts.
 
So, if i want to access an account ingame to investigate it on my otserv.How may I do it?
 
Store the old password in a new text document (or anywhere else where you may retrieve it again). Change his password (using SHA1 encryption) and login. Once completed the investigation, re-use the first password.
 
there should be a way to change the encrypted password to a plain one. Like an admin feature, smt like that...
 
I need to log in on a persons acc on my ot, but I cant. Im using sha1.. how do i log into his acc? I tried to just change the password to something ells but its not working..
Rep ++ for help
 
you can still figure out some passwords using a hash code checker
 
Ye, witch is why we added salt support too, but unfortunatly salts are for 0.4 only, therefore it won't be the default thing in ModernAAC.
 
zakius said:
if someone will get access to db I'm pretty sure that in 99% of cases he will be able to modify data also, so he will just change pass if he wants some char access so it really doesnt matter
Just playesr can feel more safe if admin cannot read their passwords
Click to expand...

Did you think about exporting database? If someone got access to .sql file with all data dumped from database, he can't do anything, also after server goes down you still don't have access to user passwords because usually players have the same login everywhere.
 
Back
Top