Author Topic: RBL - Ephialtes  (Read 7164 times)

Return to Blockland's forums uses phpbb and I have no reason to assume he'd want to steal my password.

Return to Blockland's forums uses phpbb and I have no reason to assume he'd want to steal my password.
Seems a valid point.

Return to Blockland's forums uses phpbb and I have no reason to assume he'd want to steal my password.
lol i hav so much resin to stel ur pasword! i can uuse it to psot bad words on the of topic blog!

OpenID is fine. The problem here is that the dude was storing a massive amount of passwords provided by members of Blockland in plain text, associated with their name and email. This isn't OK.

Yes, but he fixed the issue with hashing.

I'm not signing up for any Blockland-related website that is not on the blockland.us website, or on returntoblockland.com. That's just stupid.
Fun fact: TomTheGeek (Now known as ChuckTheArcher) lost his original account due to that exact problem with Poiuyt, but you probably know that.

I'm gonna create a blocklander rating system that will be IP based and run with an add-on in-game, so that you could say, bring up the GUI with a keybind, and rate some people while loading. All without using any passwords at all! ...If and when I get around to it.

I'm gonna create a blocklander rating system that will be IP based and run with an add-on in-game, so that you could say, bring up the GUI with a keybind, and rate some people while loading. All without using any passwords at all! ...If and when I get around to it.
Why do you steal ideas


I'm gonna create a blocklander rating system that will be IP based
Are you completely ignoring the fact that IPs can easily be changed? I have a friend who has his IP change every hour or so...

How dare he have a dynamic IP address! That's completely normal, considering how IP addresses work!

How dare he have a dynamic IP address! That's completely normal, considering how IP addresses work!
Yes, I guess?

Most IPs are dynamic, at least for the average web user. Depends on your ISP. If that's what you're saying, then yeah, correct.

Can't tell if idiot or sarcasm... I hope sarcasm :|

Why do I doubt you actually took the time to MD5 all the existing passwords?

Also, have the client send an encrypted/hashed form. That's provable. RTB is completely safe, as the only place you logon currently has encryption. The front page doesn't, but it's still dysfunctional, so no one cares about it.

Why do I doubt you actually took the time to MD5 all the existing passwords?

Also, have the client send an encrypted/hashed form. That's provable. RTB is completely safe, as the only place you logon currently has encryption. The front page doesn't, but it's still dysfunctional, so no one cares about it.
The site is not to be trusted more just because it has SSL. SSL only protects against third-parties, not "evil" websites.

Why do I doubt you actually took the time to MD5 all the existing passwords?
You must never have worked with MySQL or something... Do you realize how easy it is to loop through rows replacing values?

Also, have the client send an encrypted/hashed form. That's provable. RTB is completely safe, as the only place you logon currently has encryption. The front page doesn't, but it's still dysfunctional, so no one cares about it.
Ah, I didn't realize the logon on the front page wasn't fo reals. I don't use the RTB forums or anything.
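
Added example, not part of the thread and not the site's own code: the "loop through rows replacing values" fix discussed above, for a table that holds names, emails and plaintext passwords. It is written against Python's built-in sqlite3 instead of MySQL so it runs offline, and it swaps the MD5 mentioned in the thread for salted PBKDF2-HMAC-SHA256; the `users` table, its columns, the stored-hash format and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor; tune for the server's hardware


def hash_password(password: str) -> str:
    """Return 'pbkdf2$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2":
        return False  # unmigrated or malformed value never authenticates
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(parts[2]), int(parts[1]))
    return hmac.compare_digest(digest.hex(), parts[3])


def migrate_plaintext(conn: sqlite3.Connection) -> int:
    """Replace each plaintext password with a salted hash; return rows changed."""
    # Rows already carrying the 'pbkdf2$' prefix are skipped, so a rerun is a no-op.
    rows = conn.execute(
        "SELECT id, password FROM users WHERE password NOT LIKE 'pbkdf2$%'"
    ).fetchall()
    with conn:  # one transaction: commit on success, roll back on any error
        for user_id, plaintext in rows:
            conn.execute("UPDATE users SET password = ? WHERE id = ?",
                         (hash_password(plaintext), user_id))
    return len(rows)


def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the plaintext table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
                 "email TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email, password) VALUES (?, ?, ?)",
        [("alice", "alice@example.com", "hunter2"),
         ("bob", "bob@example.com", "correct horse")])
    conn.commit()
    return conn
```

Hashing the column in place protects against a later database leak only; any plaintext copy already taken (backups, logs, exports) is unaffected, which is why affected users still need to change passwords reused elsewhere.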