> > Hmmmmm....... I personally like the idea of separate text player files. > It would definitely help me on those glorious occasions when someone > wants to know what their password is, so that I don't have to go change > it, or when you want to look at a char's stats w/o entering the game (for > whatever reasons....). As for people hacking into files and modifying > them..... well, OLC will keep people out of the root account, and anyone > who got caught doing something like that would be deleted anyway.... *grin* Storing someone's password in cleartext (on any system) is generally a bad idea. While a MUD is generally pretty safe (most MUDs don't let you shell to the OS) it makes it one step easier to hack. Earlier this year we had someone hack our campus email server which stored the passwords in cleartext, and took EVERYONE's password, forcing the administrators to lock everyone's account until new passwords could be made (some of the administrators were also looking for new jobs). The hacker didn't even have an account on the system. If you want to make it easy to change passwords, I'd suggest implementing a local override password that works in all cases (entering the game, changing an existing password, deleting a character) and have them give you a new password to enter. If that sounds unsafe, make it so that the override is only checked for people logging in from loopback (127.0.0.1). -Jeff
This archive was generated by hypermail 2b30 : 12/07/00 PST