this post was submitted on 28 Sep 2023

323 points (75.7% liked)

Games

32918 readers

2075 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

Submissions have to be related to games
No bigotry or harassment, be civil
No excessive self-promotion
Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
Mark Spoilers and NSFW
No linking to piracy

More information about the community rules can be found here.

founded 2 years ago

MODERATORS

[email protected]

323

Larion Studios forum stores your passwords in unhashed plaintext. (lemmy.world)

submitted 1 year ago by Cabrio to c/games

217 comments fedilink hide all child comments

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 11 points 1 year ago (23 children)

Are you suggesting to do all this on the frontend before it goes to the backend?

[+] Cabrio -19 points 1 year ago* (last edited 1 year ago) (21 children)

The front end to backend traffic should be encrypted, hashing occurs on the backend. The backend should never have access to a variable with a plaintext password.

I'm going to have to stop replying because I don't have the time to run every individual through infosec 101.

[–] poopsmith 4 points 1 year ago* (last edited 1 year ago) (10 children)

Maybe I'm misunderstanding you, but backend servers will almost always have the user-submitted password in plaintext as a variable, accessible to the backend server and any upstream proxies.

It's even how it's done in Lemmy. The bcrypt verify accepts the plaintext password and the expected salted hash.

load more comments (7 replies)

load more comments (17 replies)

load more comments (18 replies)