Author Topic: Finding the location of an executed file (Read 4626 times)

RarwMuffinz · April 13, 2014, 12:28:15 AM

Quote from: Ipquarx on April 12, 2014, 11:47:31 PM

Storing their keys online is not a good idea. You aren't experienced enough in internet security to prevent people from hacking into it.

I was not going to code it myself silly. Im looking into security options atm

Ad Bot · Advertisement

RarwMuffinz · April 13, 2014, 12:33:06 AM

Quote from: Xalos on April 12, 2014, 10:01:51 PM

Good luck with that.

SSL FTW! Wait nvm ;-;

Oh look now! that was fast

Pah1023 · April 13, 2014, 09:14:42 PM

Quote from: RarwMuffinz on April 12, 2014, 11:27:50 PM

I've decided that the data stored in an online service. Users can create and account and login with a username and password. Meanwhile I need to create a good privacy policy.

I recommend you stopping right now, no one will use this service, and your mod will more then likely get fail-binned for having anything to do with Key.dat.
And it would be safer for people to keep their key's written down, or saved in a text file then trusting your site.

Greek2me · April 13, 2014, 10:08:13 PM

Quote from: RarwMuffinz on April 13, 2014, 12:33:06 AM

SSL FTW! Wait nvm ;-;

Oh look now! that was fast

SSL is not available in TorqueScript. Sorry, but there is no way to encrypt keys. You can't make this mod safely. It's a nice idea, but it won't work.

elm · April 13, 2014, 10:50:28 PM

Yeah, this mod is a waste of time, can't you find a better project to spend time on?

RarwMuffinz · April 14, 2014, 11:56:55 PM

Quote from: Greek2me on April 13, 2014, 10:08:13 PM

SSL is not available in TorqueScript. Sorry, but there is no way to encrypt keys. You can't make this mod safely. It's a nice idea, but it won't work.

The sll would be used by the online service not by the torque engine.

Quote from: elm on April 13, 2014, 10:50:28 PM

Yeah, this mod is a waste of time, can't you find a better project to spend time on?

So what if it fails. It would have been a great learning experience with learning who to use http/tcpobjects. I have already started working on it with my friend who is doing to the web side stuff.

Ipquarx · April 14, 2014, 11:59:21 PM

Too bad that getting an SSL certificate costs real money, not fake learning money.

RarwMuffinz · April 15, 2014, 12:00:20 AM

Quote from: Pah1023 on April 13, 2014, 09:14:42 PM

and your mod will more then likely get fail-binned for having anything to do with Key.dat.

I'm not sure how this would be fail binned. I'm not going to use key.dat and users freely give their key to the service in exchange for the easier login system and the understanding that their key won't be sold to any 3rd party. Even if no one else uses it I would sure use it myself

Greek2me · April 15, 2014, 12:08:40 AM

Quote from: RarwMuffinz on April 14, 2014, 11:56:55 PM

The sll would be used by the online service not by the torque engine.

That's the problem. SSL needs both a server and a client.

Quote from: RarwMuffinz on April 15, 2014, 12:00:20 AM

users freely give their key to the service

That's where Badspot would have a problem.

If you want to do it for yourself though, have fun!

Xalos · April 15, 2014, 12:09:28 AM

Quote from: RarwMuffinz on April 13, 2014, 12:33:06 AM

SSL FTW! Wait nvm ;-;

Oh look now! that was fast

OpenSSL is a horrible implementation of SSL that has so many problems that it's impossible to throw a grep without hitting one. Nonetheless, it's a de facto standard that is used because it has more features than any other implementation of SSL.

Heartbleed is caused because OpenSSL does not release memory back to the buffer. It caches memory under its own jurisdiction, then wraps malloc to give cached memory back out when a function needs memory - without resetting the memory to all zeroes first. This, combined with the fact that it does not sanitize heartbeat (hence, heartbleed) string length values, means you can send a heartbeat packet requesting "HAT" (length of 500 letters).

Again, this is a bug with OpenSSL, not SSL itself. You could and probably would make similar mistakes if you tried to implement an RSA library right now.

RarwMuffinz · April 15, 2014, 10:59:47 AM

Whatever. Im not working on the web side development of this. I just need to learn how to use Tcp and Httpobjects

boodals 2 · April 15, 2014, 12:05:10 PM

Sending the key to a website is about 5000% less safe than keeping it in a .txt file, unencrypted. Its a lot easier to hack a website than it is to hack a PC.

But yeah, don't do either. Any other add-on could just get the key then do whatever it wants with it, and there would be no way for you to know, or stop it.

Ipquarx · April 15, 2014, 04:31:15 PM

Guys, I really think you're jumping the gun on this.

As long as the mod encrypts the keys with a password, and then asks the user for the password to be able to switch between accounts, there's nothing insecure about it whatsoever.

Greek2me · April 15, 2014, 04:40:03 PM

Quote from: Ipquarx on April 15, 2014, 04:31:15 PM

Guys, I really think you're jumping the gun on this.

As long as the mod encrypts the keys with a password, and then asks the user for the password to be able to switch between accounts, there's nothing insecure about it whatsoever.

Yes, we know that. However, there's no way to encrypt it.

Xalos · April 15, 2014, 05:19:58 PM

Quote from: Greek2me on April 15, 2014, 04:40:03 PM

However, there's no way to encrypt it.

That's not exactly true. Torque is technically Turing-complete, meaning that if one was so inclined (ahem Ipqµarx), you could run any level of encryption you wanted.

It would just take an exorbitantly large amount of time.