Haypi's password security

Fri Jun 25, 2010 7:58 am by jglim

I am unable to find a "delete account" or "change password" function. Also, i realize the passwords stored in Haypi are not hashed/salted in any way. (there's a resend password function, which shouldn't exist)

If the servers get hacked into, the passwords are in plaintext. Please ensure that passwords are properly stored, and that users can only change passwords.

Fri Jun 25, 2010 8:09 am by Sylarius

General Tab -> Management Button -> Reset Password Button -> Follow the remaining procedures there to change your password.

And there are currently no plans for incorporating a delete account function.

Fri Jun 25, 2010 11:42 am by jglim

Thank you for your reply, it was helpful. I would suggest this to be included in the FAQs.

However, you have not touched on the topic of password storage security. The fact that i can retrieve my password by submitting my email means the password is not entirely secure (since i can obtain the plaintext version of it).

In the event of someone hacking into the servers, if the passwords were hashed, obtaining them in the original form is difficult. Paired with salts, it is nearly impossible.

Here is an excellent read about password storage. I understand Haypi is operated in PHP but this explains the advantages of hashing and salting very well.

http://www.aspheute.com/english/20040105.asp

thank you once again.

Fri Jun 25, 2010 11:52 am by Shadetale

They are busy people and I doubt they have time to upgrade the password database any time soon

Fri Jun 25, 2010 12:13 pm by jglim

strange why security shouldn't be a top priority.

Fri Jun 25, 2010 12:18 pm by Shadetale

Well, nobody really cares that much about Haypi passwords to hack into it I mean seriously, it's just a MMOG

Sat Jun 26, 2010 5:27 pm by jglim

Shadetale, it might not be easy to understand as a non-developer, but password security is a fundamental aspect of programming.

Sat Jun 26, 2010 5:36 pm by Bloodwolf

Shadetale wrote:They are busy people and I doubt they have time to upgrade the password database any time soon

hummm busy ppl with what dont they have like one game and i have not seen anything new since i started playing..

Sat Jun 26, 2010 5:36 pm by Bloodwolf

Bloodwolf wrote:
Shadetale wrote:They are busy people and I doubt they have time to upgrade the password database any time soon

hummm busy ppl with what dont they have like one game and i have not seen anything new since i started playing..

busy ppl my left foot.......

Sat Jun 26, 2010 5:37 pm by Acaellum

Bloodwolf wrote:
Shadetale wrote:They are busy people and I doubt they have time to upgrade the password database any time soon

hummm busy ppl with what dont they have like one game and i have not seen anything new since i started playing..

did you just start playing this week?? Theres changes to haypi every update!

Haypi's password security

Haypi's password security

Re: Haypi's password security

Re: Haypi's password security

Re: Haypi's password security

Re: Haypi's password security

Re: Haypi's password security

Re: Haypi's password security

Re: Haypi's password security

Re: Haypi's password security

Re: Haypi's password security

Who is online