ID:105920
 
http://devblog.clylla.com/post/2372585299/i-call-the-first-one-why-i-need-an-interface

But at least it is functional. It can always be polished up later.
Thanks for the yea, random person who did not comment.

Or should I be thanking them, is that agreeing that my interface is horrid and my writing stinks? :-P

I've put a lot more effort into the real meat of the interface, what players see after being logged in. This is a rough draft, to say the least.
The only thing that troubles me is that you're asking for passwords of some sort. Unless you've linked the input to secure.byond this is pretty questionable. Then again I don't know if this is even possible with an input control... then again I don't know if that window is just one big browser!
What is secure.byond? Some sort of encryption library? Couldn't find anything in my search.

Although your comment does bring something to light. There is always a chance that someone will try to login with the same password they use for BYOND. While I'm the only person who would ever have access to the password data on my server (this isn't a public project and there aren't going to be "host files" of any sort), it is still a bit unsettling. I suppose on the account registration form I'll put a big bold (NOT your BYOND Password) under the password boxes, and include a disclaimer on it in the account registration guidelines/terms of use.

I imagine some level of trust with the game developer is needed any time you create an account on their game. If it's still a problem, you really shouldn't be playing any online games at all.
Zagreus wrote:
Although your comment does bring something to light. There is always a chance that someone will try to login with the same password they use for BYOND. While I'm the only person who would ever have access to the password data on my server (this isn't a public project and there aren't going to be "host files" of any sort), it is still a bit unsettling. I suppose on the account registration form I'll put a big bold (NOT your BYOND Password) under the password boxes, and include a disclaimer on it in the account registration guidelines/terms of use.

I imagine some level of trust with the game developer is needed any time you create an account on their game. If it's still a problem, you really shouldn't be playing any online games at all.

Even easier: hash and salt the password and store that instead.
Duelmaster409 wrote:
http://www.byond.com/members/DreamMakers?command=view_post&post=103749

Oh, I think I see where you are confused now. That login and password isn't for BYOND. The whole point of the "Login with BYOND" button at the bottom right is so that people who have their pager open and are logged into their key can skip it if they want to. That's a custom accounts system specific to the game. I made a post about that last week. Custom Accounts vs BYOND Keys or something like that
DivineTraveller wrote:
Even easier: hash and salt the password and store that instead.

Seconded. This is how things work in the real world for realzy.
I like pepper and hot sauce with my hash, not salt!
Vermolius wrote:
Salty

I know what it is. But do you think I really need to use something like this for an accounts system where the server and savefiles will never touch outside hands? What is the point?
It's just added security. It's not hard to hash a password, store it, and upon password input hash the input for comparison with the stored hash--that's almost a tongue-twister. Also, it keeps inside hands from having easy capability to see user passwords. There is no reason for you to have access to people's passwords anyway.
Vermolius wrote:
There is no reason for you to have access to people's passwords anyway.

Yeah, that's why I mentioned I was feeling uneasy in my early comments. I want to allow accounts for guest users and such, but I'd feel really uneasy about knowing I'd have their passwords in my face anytime I looked at their account data. (Note: for their GAME accounts, not BYOND Keys.) Doing this will at least give me peace of mind that it's not easily readable.

Of course, it's not like I couldn't read them anyway if I wrote that capability, or if I just simply didn't use any cryptographic techniques. The users would never know the difference. So I guess the lesson here is, never use your everyday/serious passwords when making accounts for BYOND games.

I could go in a much greater lecture about protecting your information and password security, but most of it is common sense so I won't. :-P