FOnline Development > Questions and Answers
Can GMs see my password ?
(1/1)
NarrowMinded:
Hello, I am playing FOnline reloaded and FOnline 2. Sometimes I want to use passwords that I use in real life( for example in Gmail). But I don't know if the GMs can see my password when I create my character...
Wipe:
--- Quote from: NarrowMinded on September 19, 2018, 03:26:47 am ---Sometimes I want to use passwords that I use in real life
--- End quote ---
Don't. Neither me or anyone else is here to teach you about basic security common sense, so i'll just say "don't" and add a funny story below.
Both Reloaded and FOnline2 use FOnline version where character creation is handled mostly by client itself, and scripts have limited access to new character data. Password is not one of them. On top of that, only password hash is sent and saved by server, password itself stay only in client memory and .cache file. Other servers, using newer SDK, might have full access to all informations, as whole registration screen is handled by scripts. However, i don't know new SDK enough to be 100% sure of that.
But devil is in the details.
I worked once with server which, for some reason, logged every single line player typed in chat and sent back to server. There could be multiple reasons for that, so idea itself wasn't a problem. Problem was, that it also logged lines with ~commands (and less known ~~commands), such as ~changepassword and ~deleteself which must contain your password to work. If you know how, you could prevent that but risked permanent ban (server really didn't like third party tools, and without any your password could "leak" to server devs). I've added some guards in there to ignore lines with sensitive info, and heard from project leader it was simply overlooked.
That still didn't made password visible to GMs. Only people having access to server machine, or wherever this data was stored, could catch such "leak".
Some notes:
- When i worked servers back then, i always used my own third party tool for debugging and testing things, with main dev permission
- I was working on something related to client->server communication so i could catch unusual traffic
- I had full access to server codebase so i could check first-hand what's really going on
That's the end of funny story.
NarrowMinded:
Thank you for your answer Wipe ! And also for your story :)
You have great skills.
Kilgore:
Wipe is right, and I also encourage all players to use different passwords for any FOnline-related accounts (game characters, forums, wiki account etc.).
It's just common sense.
Same as don't share your passwords with anyone. If you need to share your characters with someone, then change your password first.
And don't download any "tools" posted by people you don't trust.
Also FYI: as for Reloaded, only one person has access to the server machine and that's me, and it has been always like that.
Maradon:
Thanks for the info. Can be used at all.
Navigation
[0] Message Index
Go to full version