Currently Online

Latest Posts

Topic: Hide the password

Vassili
Avatar
Topic Opener
Joined: 2013-10-12, 19:19
Posts: 169
Ranking
At home in WL-forums
Location: France
Posted at: 2016-07-29, 11:45

Can you please hide the password for the b19?

It's very awful that when i stream on Twitch, i click on multiplayer and then, my password suddenly appear to everybody (i have deleted a 2h15 replay for that) !

Yes, you will answer the b19 is finished, you just debug it, but i do not ask a gameplay change.

Thanks.

[edit: can you please move this topic to the "Game suggestions" forum part please?]

Edited: 2016-07-29, 14:34

Top Quote
kaputtnik
Avatar
Joined: 2013-02-18, 20:48
Posts: 2433
OS: Archlinux
Version: current master
Ranking
One Elder of Players
Location: Germany
Posted at: 2016-07-29, 18:22

I am not sure, but i think you could enter the online gaming zone without a password.

[edit: can you please move this topic to the "Game suggestions" forum part please?]

It is not possible to move an existing thread to another forum.


Fight simulator for Widelands:
https://wide-fighter.netlify.app/

Top Quote
SirVer

Joined: 2009-02-19, 15:18
Posts: 1445
Ranking
One Elder of Players
Location: Germany - Munich
Posted at: 2016-07-29, 18:38

This is a feature change which is no longer possible in first snow feature freeze iirc.

As another workaround you can check the box saying "keep using these credentials" and then the login box will never show up, effectively hiding your password on stream. Granted, neither the current situation nor this workaround are ideal, but this is what we currently got :/.


Top Quote
Vassili
Avatar
Topic Opener
Joined: 2013-10-12, 19:19
Posts: 169
Ranking
At home in WL-forums
Location: France
Posted at: 2016-07-29, 20:56

Ok, thanks for answers.

@kaputtnik: i will use my meta-server username

@SirVer: i used to never register my passwords, so i will just try to remember to hide the game before selecting the meta-server lobby


Top Quote
DragonAtma
Avatar
Joined: 2014-09-14, 01:54
Posts: 351
Ranking
Tribe Member
Posted at: 2016-07-30, 00:05

Then I recommend hiding the password as the first change for version 20.

There's a reason why virtually everywhere your password shows up as a line of stars or dots instead of the actual password.


Top Quote
GunChleoc
Avatar
Joined: 2013-10-07, 15:56
Posts: 3324
Ranking
One Elder of Players
Location: RenderedRect
Posted at: 2016-07-30, 09:44

Another problem with passwords is that they are stored unencrypted. So, the password system definitely needs a rework.


Busy indexing nil values

Top Quote
SirVer

Joined: 2009-02-19, 15:18
Posts: 1445
Ranking
One Elder of Players
Location: Germany - Munich
Posted at: 2016-07-30, 10:14

There's a reason why virtually everywhere your password shows up as a line of stars or dots instead of the actual password.

afaik this is only true, if the password is also saved somewhere secure. As Gun said, Widelands does not encypt saved passwords for 2 reasons: 1) back in the days linking in encyption software meant your software was export restricted in the US - a lot of headaches for open source software. 2) doing encryption right is difficult and we have no specialist.

It was a deliberate choice to show the password in clear text - to emphasize that this password is not secure.


Top Quote
DragonAtma
Avatar
Joined: 2014-09-14, 01:54
Posts: 351
Ranking
Tribe Member
Posted at: 2016-07-30, 13:08

You really, really should encrypt the passwords.


Top Quote
einstein13
Avatar
Joined: 2013-07-29, 00:01
Posts: 1118
Ranking
One Elder of Players
Location: Poland
Posted at: 2016-07-30, 17:47

I don't think that encryption the password here is the most important thing we should do. The password is only to log into the metaserver. Nothing else. But if we want to make any changes, I can see 2 "simple" ways:

  1. To change word "password" to "keyword" or something similar to "password" but not encrypted.
  2. To use some very simple (but working) encryption like base64. It's open, It's (almost) impossible to go back and get real password, but it is fast enough to check equality of two passwords (you check encrypted forms, not basic ones). Many open projects works like that.

Maybe I am not understanding well SirVer's first point, but I think that it (2nd idea) can solve all the problems face-smile.png


einstein13
calculations & maps packages: http://wuatek.no-ip.org/~rak/widelands/
backup website files: http://kartezjusz.ddns.net/upload/widelands/

Top Quote
DragonAtma
Avatar
Joined: 2014-09-14, 01:54
Posts: 351
Ranking
Tribe Member
Posted at: 2016-07-30, 23:45

The problem is that many people use the same password for multiple things. No, the metaserver password is not a big deal, but what if someone uses the same password for their bank account?


Top Quote