Author Topic: RBL - Ephialtes (Read 7245 times)

cucumberdude · March 10, 2011, 06:53:21 PM

Quote from: DrenDran on March 10, 2011, 04:03:38 PM

http://forum.blockland.us/index.php?topic=122139.0
A CHAT SYSTEM IS NOT A WEBSITE
Thank you.

You are storing user passwords on your server.

Anyways, apologies - my goal was obviously not to get your service taken down. Ephialtes just asked for an example, and yours worked perfectly. I strongly feel that your service, and any others, should not be removed.

Quote from: Jasa 12265 on March 10, 2011, 05:27:09 PM

What do you want to be done about this? Have him ban himself?

No. I want him to put in place a reasonable rule that applies to all player-owned websites.
Admittedly, RTB is backed by Badspot and probably isn't stealing passwords - but hey, what do we know?

Ad Bot · Advertisement

Iban · March 10, 2011, 06:56:35 PM

there is a significant difference between ephialte's integrity and yours.

IkeTheGeneric · March 10, 2011, 06:57:59 PM

Quote from: Iban on March 10, 2011, 06:56:35 PM

ephialte's

It would be ephialtes', if that's the correct abbreviation you're looking for.

And anyways, it may just be me, but I'm having difficulty understanding what's going on.

Iban · March 10, 2011, 07:19:05 PM

Quote from: IkeTheGeneric on March 10, 2011, 06:57:59 PM

It would be ephialtes', if that's the correct abbreviation you're looking for.

And anyways, it may just be me, but I'm having difficulty understanding what's going on.

congratulations on correcting a misplaced apostrophe over the multiple lower-case letters in that sentence.

otto-san · March 10, 2011, 07:23:05 PM

I use a special password for anything like this.

I knew this would probably happen so I was cautious.

DrenDran · March 10, 2011, 07:23:05 PM

Quote from: cucumberdude on March 10, 2011, 06:53:21 PM

You are storing user passwords on your server.

Yeah, passwords that were made by the same server and that the users never even need to see.
They'd have no chance to input their password for this website, as their password is given to them, and is handled without the users knowledge.

DontCare4Free · March 10, 2011, 07:24:58 PM

Quote from: DrenDran on March 10, 2011, 07:23:05 PM

Yeah, passwords that were made by the same server and that the users never even need to see.
They'd have no chance to input their password for this website, as their password is given to them, and is handled without the users knowledge.

But what happens then if something happens to their hdd/bl installation?

Kalphiter · March 10, 2011, 07:25:56 PM

Quote from: DontCare4Free on March 10, 2011, 07:24:58 PM

But what happens then if something happens to their hdd/bl installation?

It's not a password that the users define.

DrenDran · March 10, 2011, 07:27:20 PM

Quote from: DontCare4Free on March 10, 2011, 07:24:58 PM

But what happens then if something happens to their hdd/bl installation?

If they just need to switch pc's the password is there in their prefs file to get.
God forbid every instance of the stored password is somehow destroyed because all their computers crashed, they can just ask me for a reset on their name.

Quote from: Kalphiter on March 10, 2011, 07:25:56 PM

It's not a password that the users define.

Exactly.

DrenDran · March 10, 2011, 07:28:00 PM

Quote from: DrenDran on March 10, 2011, 07:27:20 PM

If they just need to switch pc's the password is there in their prefs file to get.
God forbid every instance of the stored password is somehow destroyed because all their computers crashed, they can just ask me for a reset on their name.Exactly.

Oh and the service died a while ago, I had thoughts about revival, but I know RTB 4 will render it obsolete.

Grumpy · March 10, 2011, 07:31:24 PM

stop whining about your website which only gave more reason for dipstuffs to stroke their e-peen's more

cucumberdude · March 10, 2011, 07:33:42 PM

Ah, thanks for clarifying Dren.

I haven't used the service, just read about it.

Quote from: Grumpy on March 10, 2011, 07:31:24 PM

stop whining about your website which only gave more reason for dipstuffs to stroke their e-peen's more

Actually it's not so much the removal of the website specifically that bothers me - it's more the unclear reasons behind it.

BobSevenSevens · March 10, 2011, 07:51:47 PM

Can't post on the page itself for some reason, so here's my take on this:

Quote from: Me

This is pretty interesting. I think the main point in this is that Ephi said to give an example of a user-made website that needed login, and you did. Also, you had fixed all other issues that he gave as reasons for taking down the topics. Then, he stopped PM'ing you. That seems pretty suspect to me.

Also, if smfforfree forums count as the type of website you mention, I have one here.

cucumberdude · March 10, 2011, 07:57:14 PM

Quote from: BobSevenSevens on March 10, 2011, 07:51:47 PM

Can't post on the page itself for some reason, so here's my take on this:

Also, if smfforfree forums count as the type of website you mention, I have one here.

My thoughts exactly.

MikeyMonster · March 10, 2011, 09:06:23 PM

I'm interested, because both of you - Ephialtes and Cucumberdude - seem to be pretty reasonable people. However, looking over the "evidence" you've provided, I've come to a conclusion that, indeed, the security breech was pretty serious, but since you've fixed that(?), it simply makes your website the same as any other like it that's posted on the forum. I do agree that adding a rule against them would be a good idea, but if he's just going to only target a few, I don't see the point. Forgive me if I'm wrong with anything I've mentioned in this post.