Sometimes I want to use passwords that I use in real life
Don't. Neither me or anyone else is here to teach you about basic
security common sense, so i'll just say "don't" and add a funny story below.
Both Reloaded and FOnline2 use FOnline version where character creation is handled mostly by client itself, and scripts have limited access to new character data. Password is not one of them. On top of that, only password hash is sent and saved by server, password itself stay only in client memory and .cache file. Other servers, using newer SDK, might have full access to all informations, as whole registration screen is handled by scripts. However, i don't know new SDK enough to be 100% sure of that.
But devil is in the details.
I worked once with server which, for some reason, logged every single line player typed in chat and sent back to server. There could be multiple reasons for that, so idea itself wasn't a problem. Problem was, that it also logged lines with ~commands (and less known ~~commands), such as ~changepassword and ~deleteself which must contain your password to work. If you know how, you could prevent that but risked permanent ban (server really didn't like
third party tools, and without any your password could "leak" to server devs). I've added some guards in there to ignore lines with sensitive info, and heard from project leader it was simply overlooked.
That still didn't made password visible to GMs. Only people having access to server machine, or wherever this data was stored, could catch such "leak".
Some notes:
- When i worked servers back then, i always used my own
third party tool for debugging and testing things, with main dev permission
- I was working on something related to client->server communication so i could catch unusual traffic
- I had full access to server codebase so i could check first-hand what's really going on
That's the end of funny story.
