authentication
authentication
Hello guys, my name is qqNob
I need help with armaauth. I went to the Wiki and I just found it on the forum. I have the files config.php and index.php, but I do not know how to put the @
Example: test @ rx
Someone to help? Thank you
Found : https://github.com/fkmclane/ArmaAuth
I need help with armaauth. I went to the Wiki and I just found it on the forum. I have the files config.php and index.php, but I do not know how to put the @
Example: test @ rx
Someone to help? Thank you
Found : https://github.com/fkmclane/ArmaAuth
Re: authentication
What comes after the @ is going to be your domain. So, if you're hosting this on example.com, your auth would be user@example.com. If you want a short auth like @lt or @forums, you need to have public registration available for your auth, and I believe there are a few other rules written somewhere (probably on the wiki). Then you can contact Tank and request it.
If you only want it to work on your server, you could alter your hosts file and redirect, for example @lt would be lt.authentication.armagetronad.net, to your webserver with your auth set up and you could have any login there you want. Of course, if you happen to duplicate an existing one, you're going to have issues with people that want to log in with their real login, so you would need to avoid @rx, @forums, @lt, @dbd, @comps, and quite a few more. This is generally a bad idea, but it sounds like you're less likely to know how to build public registration for your authentication server.
If you only want it to work on your server, you could alter your hosts file and redirect, for example @lt would be lt.authentication.armagetronad.net, to your webserver with your auth set up and you could have any login there you want. Of course, if you happen to duplicate an existing one, you're going to have issues with people that want to log in with their real login, so you would need to avoid @rx, @forums, @lt, @dbd, @comps, and quite a few more. This is generally a bad idea, but it sounds like you're less likely to know how to build public registration for your authentication server.
Re: authentication
@qqnob.tk ok. now you have idea how use the method webform i dont like md5Light wrote:What comes after the @ is going to be your domain. So, if you're hosting this on example.com, your auth would be user@example.com. If you want a short auth like @lt or @forums, you need to have public registration available for your auth, and I believe there are a few other rules written somewhere (probably on the wiki). Then you can contact Tank and request it.
If you only want it to work on your server, you could alter your hosts file and redirect, for example @lt would be lt.authentication.armagetronad.net, to your webserver with your auth set up and you could have any login there you want. Of course, if you happen to duplicate an existing one, you're going to have issues with people that want to log in with their real login, so you would need to avoid @rx, @forums, @lt, @dbd, @comps, and quite a few more. This is generally a bad idea, but it sounds like you're less likely to know how to build public registration for your authentication server.
Re: authentication
I'm not sure what you're asking. Are you talking about Webform in Drupal? MD5 is just an encryption method so you can't view the plain text, and are not sending it unencrypted where it could be intercepted. If you are talking about using a current database of users with a different password encryption, you'll need to either change that or if you happen to have started with MD5 follow the same method to duplicate it in your auth script.qqNob wrote:@qqnob.tk ok. now you have idea how use the method webform i dont like md5
Re: authentication
ok dude go to Lightron chat, for more help. ok?Light wrote:I'm not sure what you're asking. Are you talking about Webform in Drupal? MD5 is just an encryption method so you can't view the plain text, and are not sending it unencrypted where it could be intercepted. If you are talking about using a current database of users with a different password encryption, you'll need to either change that or if you happen to have started with MD5 follow the same method to duplicate it in your auth script.qqNob wrote:@qqnob.tk ok. now you have idea how use the method webform i dont like md5
-
- Posts: 6
- Joined: Wed Mar 01, 2017 4:24 am
Re: authentication
MD5 is not encryption, it's a hash algorithm. In other words, unlike encryption, MD5 (like all hash algorithms) is designed to not be reversible.Light wrote:MD5 is just an encryption method so you can't view the plain text
It's also incredibly insecure, and should be avoided for authentication at all costs. Collisions for MD5 can be found in about a day on modern hardware.
If you want authentication, use a well-known scrutinized password-hashing algorithm designed for that purpose. An example is bcrypt with 1000 iterations, or Argon2. But using MD5 is just asking to get screwed over.
- Lucifer
- Project Developer
- Posts: 8640
- Joined: Sun Aug 15, 2004 3:32 pm
- Location: Republic of Texas
- Contact:
Re: authentication
There's a salt or two added to make it more difficult to determine a password even after it's been reversed, but yeah, sha2 is supposed to be added in 0.4 (or maybe we already have it? I forget)
Then again, we're also not protecting credit cards or even real identities, only game identities.
Then again, we're also not protecting credit cards or even real identities, only game identities.
-
- Posts: 6
- Joined: Wed Mar 01, 2017 4:24 am
Re: authentication
That's great, but even sha2 wasn't designed for password hashing. Even better would be to use a few rounds of the recently standardized Argon2, which was designed for the purpose.Lucifer wrote:There's a salt or two added to make it more difficult to determine a password even after it's been reversed, but yeah, sha2 is supposed to be added in 0.4 (or maybe we already have it? I forget)
Still though, some people may be quite attached to their accountsLucifer wrote:Then again, we're also not protecting credit cards or even real identities, only game identities.
Re: authentication
And certain server control panels use global ID to sign in. If someone doesn't have their data backed up, that could be quite a catastrophe... Still others use the same password for ALL of their accounts everywhere.qqqqqqqqqqqz wrote:Still though, some people may be quite attached to their accountsLucifer wrote:Then again, we're also not protecting credit cards or even real identities, only game identities.
-
- Posts: 6
- Joined: Wed Mar 01, 2017 4:24 am
Re: authentication
Which makes it doubly important to use strong password hashing algorithms, so that that weakness is less of a weakness.aP|Nelg wrote:Still others use the same password for ALL of their accounts everywhere.