
Security of user information ramblings of a mad man

Topics: General
Coordinator
Nov 10, 2015 at 2:15 PM
Edited Nov 10, 2015 at 2:17 PM
There are 2 reasons that I have yet to add what most have requested, and that is a way for the program to automatically save their user information.

Coming in at the number 1 reason: human error. No one is immune. What I'm talking about here is that as humans we tend to forget what we don't use: "If you don't use it you lose it." Well, the login system has a few nice things like password reset and account locked out caused by my network is being stupid. I have built in ways for the end user to help themselves to avoid forgetting this information. One way is to not let you store it; then you can't forget it.

Coming in at number 2: I can't control what is and is not installed on any one computer. My computer, that's a different story, but yours, not so much. So if I store your username and password as per "The Proper way to do this" I would be allowing anyone who has access to your system to possibly take a peek at it. Now this has been referred to as the post-it under the keyboard: the only way to get to the information is to walk in and flip the keyboard, then anyone that is standing in the room can see it. How secure is that? Well, you don't let anyone flip the keyboard and it's the most secure thing ever. So that leads me to think as long as the user doesn't get infected with anything that can "flip the keyboard" it's great. What is the chance that a user gets this infection, 1-10%? 10-20%? Even at one percent, is it worth the risk? I have always said no. Even .000001% of a chance that a computer can get compromised from user data is too high for me; that's why I don't store anything anywhere.

Now that you have read the ramblings of a mad man please tell me your thoughts on the issue at hand. One liners like "it don't matter to me" don't help..
Editor
Nov 11, 2015 at 12:50 PM
Edited Nov 11, 2015 at 12:51 PM
I do not think there is a need for you to store all of the logins and passwords. I agree with number one and I am not savvy enough to completely understand number 2 ("flip the keyboard"?). The service you provide is a way to edit the game save. That does not specifically require that you remember and store everyone's login/pass. I think the most important reason for you, and I think this is what number 2 is getting at ..... is liability. If Amazon, Playstation, Target and Xbox (to name a few) cannot keep their customer's information safe, then why would you put yourself out there and try to do the same. This is especially true if you are doing any of this work or collection of money in your personal name as opposed to a business entity. The benefit to users is simply not worth the potential liability, or the worry about the potential liability.

On the lighter side, I am absolutely certain that the importance of you and the editor rank right up there with Amazon, Playstation, Target and Xbox. ;)
Coordinator
Nov 11, 2015 at 2:30 PM
Edited Nov 11, 2015 at 2:30 PM
Let me clarify the "Flip the keyboard" part of this. The question has always been asked: what's the best way to store a user name and password? From a developer standpoint, "do we developers store the username and password in some obscure, self-written crypto that takes 20 seconds to break, or plain text, and what do we do if the user's computer gets compromised?" And some of the best answers I have ever seen are this: http://programmers.stackexchange.com/questions/148628/how-safe-is-it-if-i-store-passwords-in-app-config-in-c-net-4 Ignore the actual answer and read the comments on the question.
"It's about as safe as writing your computer password on a post-it and putting it under your keyboard. I.e. 100% safe until someone flips your keyboard over."

"A post-it is the most secure password storage you can get. Even the best hacker won't be able to read it without entering the room, (unless you point the web cam at it that is)"
Having said that, there is a lot of malware out that looks for things like app config, user config, and tries to see if there is at least an e-mail in it so that they can e-mail the person with spam.
Security of users' information is the first priority. Security of my information is the second.

The past few weeks there have been a few users trying to brute force their way into the database and have only succeeded in crashing the server. Because they can't query the users table (they can't access it outside of the script and the script can't do anything but read) or any of the other tables (same reasons). All that can happen is the system will just say OK I'm done and reboot. So I'm not extremely worried about my system. I'm more worried about what nastinesses are on users' systems.


I do like you comparing it to other systems that can't protect their own data or their users.

To answer your question / statement:
is liability. If Amazon, Playstation, Target and Xbox (to name a few) cannot keep their customer's information safe, then why would you put yourself out there and try to do the same. This is especially true if you are doing any of this work or collection of money in your personal name as opposed to a business entity.
According to PCI-DSS (The Payment Card Industry Data Security Standard) I have to be a business entity in order to process payments. However, the liability is still mine.

I hope this clarifies a few points. And I would love to hear more on it. It's open for discussion because there are a lot of users asking me directly for it rather than coming here and typing out a "can we have this". For the most part this has been a user-driven project; the UI was in part designed by the community. Polls have been created in the past about what to and what not to allow. How far do we want to break things... Aside from this, the only thing I have never added and will never add is a way to get 100% achievements, but apparently I need to look into ways to fix some broken ones. Maybe in the next few months I can have some time to look at why they are broken in the first place.

As always Mr. Mairhouse you bring some valid points to the discussion..

Sorry for the wall of text..
Nov 11, 2015 at 8:13 PM
You know my thinking about it. Everyone needs to protect himself. You cannot save the world :)
Coordinator
Nov 12, 2015 at 4:26 PM
I can see that too..
Developer
Nov 13, 2015 at 2:13 AM
I'm good with having to input my credentials every time I log in. I may be a little more paranoid than most but I feel it's safer that way.
Feb 11, 2016 at 6:17 AM
Honestly ck, I don't mind putting in the email and password... Sometimes it gets to be a pain when I'm rolling stuff to try and get higher straight etc., but other than that I think you should keep it that way. Don't forget, it's so when they log in on a different IP address they still can, because they remember their password. If you put that on there, we both know they will forget it and lock themselves out of the editor... Like say you do put that in as a new add-on or what you want to call it, and the one computer, laptop etc. gets broken and then they have to get a new one... then they try and log in and can't because they don't remember their password... I hope this helps you decide, mr bob
Feb 11, 2016 at 8:05 AM
I'm fine putting my stuff in each time. You are right when you say that if you don't use it you lose it. Besides, it's not like it's a big hassle or anything. I forget a lot of stuff unless I use it often so I like it the way it is.
Feb 11, 2016 at 8:30 PM
Glad I went with my short email and pw
Feb 23, 2016 at 2:55 PM
Honestly the password / login is fine by me. The problem I have is losing my Locker with every update. And I have no doubt that there is already a post in here on what to do, like a copy paste of files or some such. I just have not looked for it yet since I'm still a noob and the stuff I have modded up to now is basically crap. I only last night made my first high (true) damage weapon and I could have done that better. /shrug.
Coordinator
Feb 23, 2016 at 6:41 PM
You just need to import your locker file from the old version to the new version. Change the file to ".bnk"
Mar 15, 2016 at 7:41 AM
Did anyone else have the problem of losing the stuff they had saved in their locker ... on .148?
Coordinator
Mar 15, 2016 at 1:07 PM
No