Pages: 1 2 [3] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
LaVista Vista
|
Posted - 2008.12.26 11:10:00 -
[61]
Originally by: Robacz
If we are both speaking about this page, than you have incorrect information. There is no hashing code there, just plain html form. This form sends whatever user inputs there via POST method.
I guess you could compute user's hash using Javascript and send it instead of unencrypted password, but such code is not present on your login page.
I was talking the wire between our server and the database. Obviously there's always a risk if people don't actually use a secure wireless network or use a proxy which sniffs data.
|
Alija de'Chiarr
CF Capitalists Inc.
|
Posted - 2008.12.26 11:52:00 -
[62]
To be honest, classifying this as a huge problem now is absurd. I sure as hell don't hope you use POP3 for your email mailbox in that case, or 95%* of services provided by the internet. Also the only realistic location anyone would be able to intercept it is on/near your end; that is your computer and all the wires that lead to your ISP's infrastructure.
* rough estimate by yours truely
|
Packtu'sa
Nabaal Construction and Industrials Corp
|
Posted - 2008.12.26 18:39:00 -
[63]
All I'm saying is that I won't be logging into EBANK at a LAN party without tunneling out. Any system that transmits plaintext logins can't claim to be that secure. (Although I have no doubt that you have sufficient security measures in place for your database.)
I understand that in the scenario where one's EVE account login is compromised, EBANK makes their money safer, but what if only the EBANK login is acquired? Then money can be transferred to another EBANK account and withdrawn before anybody notices. A little bit of in-game money laundering and, voila, it's stolen.
As I said, I like EBANK, but I like straightforward honesty more. Some of your advertising seems a bit over-the-top compared to what you really offer. Sure, you'll notify customers about your exchange release before anybody else, but it'll be all over the forums within sixty seconds anyway.
Packtu'sa Founder/CEO, Nabaal Construction and Industrials Corp (2bn @ 4.5%) |
LaVista Vista
|
Posted - 2008.12.26 18:43:00 -
[64]
Originally by: Packtu'sa All I'm saying is that I won't be logging into EBANK at a LAN party without tunneling out. Any system that transmits plaintext logins can't claim to be that secure. (Although I have no doubt that you have sufficient security measures in place for your database.)
I understand that in the scenario where one's EVE account login is compromised, EBANK makes their money safer, but what if only the EBANK login is acquired? Then money can be transferred to another EBANK account and withdrawn before anybody notices. A little bit of in-game money laundering and, voila, it's stolen.
As I said, I like EBANK, but I like straightforward honesty more. Some of your advertising seems a bit over-the-top compared to what you really offer. Sure, you'll notify customers about your exchange release before anybody else, but it'll be all over the forums within sixty seconds anyway.
All I'm saying is that I won't be using the internet without tunneling out.
|
Hostility Incarnate
|
Posted - 2008.12.26 20:22:00 -
[65]
Wow, two teeners having it out on the forums over stuff that one of them in all likelihood knows very little about. How unique.
Pak, mommy and daddy let you even have your own bank account yet? |
|
|
|
Pages: 1 2 [3] :: one page |
First page | Previous page | Next page | Last page |