Global Login Checker
Re: Global Login Checker
It's not that hard to make. I made one just for fun because you sparked my curiosity. The only thing I don't know is where the @forums and whatnot actually point. Custom ones that show the URL are easy enough though.
Just curious. What would this be useful for? It would open up issues like people being able to dictionary attack users, and I can't really see a use beyond that. Sorry to be negative, just my thought.
http://lightron.no-ip.org/gid.php
No, it doesn't log your info, but if you would like to be careful, just make an auth on my index quick and try it with that.
It doesn't work with @forums either. It should work with aagid, but I didn't try it. Also, it works with any that have the address as the authority.
Just curious. What would this be useful for? It would open up issues like people being able to dictionary attack users, and I can't really see a use beyond that. Sorry to be negative, just my thought.
http://lightron.no-ip.org/gid.php
No, it doesn't log your info, but if you would like to be careful, just make an auth on my index quick and try it with that.
It doesn't work with @forums either. It should work with aagid, but I didn't try it. Also, it works with any that have the address as the authority.
Re: Global Login Checker
Didn't we already have code that does this in our own modules somewhere? And even a better one where the password hashing is done in JS on the user's browser, so they have in theory the chance to check whether their passwords are treated safely?
Nevertheless, I don't think this is a good idea. Not because I don't trust you or the code, but because I would not like to see players getting used to entering their passwords at random websites. Someone will try to abuse that.
Nevertheless, I don't think this is a good idea. Not because I don't trust you or the code, but because I would not like to see players getting used to entering their passwords at random websites. Someone will try to abuse that.
Re: Global Login Checker
I'm sure it could be hashed in JS, but I don't actually plan on using that. I was just curious what the point of one may be. Maybe to use auth's as a login to a forum or something, that's about the only thing I could come up with.
Yeah ... I make a lot of things that are completely useless to me.
Yeah ... I make a lot of things that are completely useless to me.
- kyle
- Reverse Outside Corner Grinder
- Posts: 1876
- Joined: Thu Jun 08, 2006 3:33 pm
- Location: Indiana, USA, Earth, Milky Way Galaxy, Universe, Multiverse
- Contact:
Re: Global Login Checker
Yes it is someplace on launchpadZ-Man wrote:Didn't we already have code that does this in our own modules somewhere? And even a better one where the password hashing is done in JS on the user's browser, so they have in theory the chance to check whether their passwords are treated safely?
Not even for a resource repository? I'm not compleatly done with it, but the plans are to link @forums accounts to the usernames that people had at one time. Also i want to allow configuration files to be uploaded.Z-Man wrote:Nevertheless, I don't think this is a good idea. Not because I don't trust you or the code, but because I would not like to see players getting used to entering their passwords at random websites. Someone will try to abuse that.
Re: Global Login Checker
You guys can do what you want. I'd feel better if there was a big fat warning on the login page saying something like "YOU ARE GIVING US YOUR PASSWORD. WE COULD USE IT TO TAKE OVER YOUR ACCOUNTS. THINK!".kyle wrote:Not even for a resource repository? I'm not compleatly done with it, but the plans are to link @forums accounts to the usernames that people had at one time. Also i want to allow configuration files to be uploaded.
Of course, our users are already gullible as hell. Downloading and running native code from the net. Who knows what it does on their machines? And before you say, no, it being open source does not help. I could upload binaries based on modified sources and nobody would notice.
-
- Adjust Outside Corner Grinder
- Posts: 2003
- Joined: Tue Nov 07, 2006 6:02 pm
- Location: paris
- Contact:
Re: Global Login Checker
You could do token-based authentication with an actual server as token provider. It's safe, doesn't require new things, but does not let you authenticate without armagetron installed. I think I could set up such a thing.
Re: Global Login Checker
There's been something like this on my website, http://tronner.com, for a long time now. users can log in to any authentication and view their stats n' stuff.
- AI-team
- Shutout Match Winner
- Posts: 1020
- Joined: Tue Jun 23, 2009 6:17 pm
- Location: Germany/Munich
- Contact:
Re: Global Login Checker
Yeah I'm also not sure what's so special about that
"95% of people believe in every quote you post on the internet" ~ Abraham Lincoln
- kyle
- Reverse Outside Corner Grinder
- Posts: 1876
- Joined: Thu Jun 08, 2006 3:33 pm
- Location: Indiana, USA, Earth, Milky Way Galaxy, Universe, Multiverse
- Contact:
Re: Global Login Checker
Not anything special, it is just the security concerns of the way it works. But i did think it was "as secure as tron"
Re: Global Login Checker
Since nobody seems to have a problem with it, and nobody ever posted the result, I figured I may as well do it.
It doesn't use a prehashed password because I didn't feel like doing it both ways, in case they didn't have JS enabled. Not much of a difference in security though, because nobody checks what JS does on the page anyways, so I could do about anything I wanted.
// Attached. Code boxes suck here.
It doesn't use a prehashed password because I didn't feel like doing it both ways, in case they didn't have JS enabled. Not much of a difference in security though, because nobody checks what JS does on the page anyways, so I could do about anything I wanted.
// Attached. Code boxes suck here.
- Attachments
-
- authenticate.tar.gz
- (1.26 KiB) Downloaded 270 times
Re: Global Login Checker
Oops...
Forgot to mention... I've merged the global script into vertrex_website in launchpad. The script and all related filed are located here: http://bazaar.launchpad.net/~zodiacsohm ... d:/global/
I've actually based the script off exactly how it is done in the game code. Not to the exact point but I was able to bring out the near exact result.
The script is as simple as it can be although the usage it still up to the user. So, don't use it to steal passwords and stuff like that...
Anyway you got two options now. Either to use mine or the one that Light kindly scripted for all to use
Forgot to mention... I've merged the global script into vertrex_website in launchpad. The script and all related filed are located here: http://bazaar.launchpad.net/~zodiacsohm ... d:/global/
I've actually based the script off exactly how it is done in the game code. Not to the exact point but I was able to bring out the near exact result.
The script is as simple as it can be although the usage it still up to the user. So, don't use it to steal passwords and stuff like that...
Anyway you got two options now. Either to use mine or the one that Light kindly scripted for all to use