Ascended password in URL

[Sphinx42]

Today, I mistyped my password on Ascended (again); thing happens, especially if you wake up too early. Anyway, this time around I thought I'd ask about something I noticed the last time I did the same mistake.

The login and password you have entered (name/email/pass - Preem Palver/[edited]/[edited]) do not match.
Try to retype them again.
If you had a quote in your name, it has been replaced by a dash (-)

The same thing appears in the URL:

Code: Select all

http://ascended.gatewars.com/index.php?strErr=The%20login%20and%20password%20you%20have%20entered%20%28name/email/pass%20-%20Preem%20Palver/[edited]/[edited]%29%20do%20not%20match.%3Cbr%3E%20Try%20to%20retype%20them%20again.%20%20%3Cbr%3EIf%20you%20had%20a%20quote%20in%20your%20name,%20it%20has%20been%20replaced%20by%20a%20dash%20%28-%29

I'm not sure it was done like this on purpose, but since it shows up in the URL, it also shows up in my Firefox history. So, the possibility exists (however remote) that someone could gain access to my laptop and, seeing the mistyped password, guess the real one and log in to my Ascended account (and possibly others if I were to use the same password on multiple sites/servers). Or, on second thought, that someone could see the red text over your shoulder - which kinda defeats the purpose of the password field.

Before anyone suggests, I do have a fairly strong password and it's different from any other password I use; also, I've deleted the URL from my history just to be sure. Still, I think this could be an issue for others, and the advantage of seeing what you've mistyped is outweighed by the chance of someone else being able to see it.

[Lithium]

try to login correctly and see if psw is in yr url. if not then its fine. also if smone breaks into yr house and steal yr laptop then dont call admin

[stuff of legends]

I'm not sure it was done like this on purpose, but since it shows up in the URL, it also shows up in my Firefox history. So, the possibility exists (however remote) that someone could gain access to my laptop and, seeing the mistyped password, guess the real one and log in to my Ascended account (and possibly others if I were to use the same password on multiple sites/servers). Or, on second thought, that someone could see the red text over your shoulder - which kinda defeats the purpose of the password field.

If someone managed to access your comp then the history of sgw would be the last thing you would want to worry about. If you are so worried use chromes incognito or go wipe your history, cache, and cookies every so often.
Yes its probably not one of admins brightest moments with sending and receiving sensitive info and then echo'ing it back, but its hardly a high stake. Now you know it exists you can hide it from the publics view when you enter it.

[Sarevok]

I suppose it couldn't hurt to just not send back the invalid information, just say "It's wrong, try again".

Also, there are people that access it at public location, to which someone maybe able to login.

[Sphinx42]

try to login correctly and see if psw is in yr url. if not then its fine. also if smone breaks into yr house and steal yr laptop then dont call admin

Of course, it isn't - otherwise, I would have posted about that. It's not the correct password, but it is almost the correct one - and while I don't use simple words or phrases in my passwords, others do. And, of course, admin will not be the one I'll call if someone steals my laptop - but that doesn't mean I shouldn't post here, if nothing else, to make sure it isn't something he may have forgotten to change (seeing how Ascended has been updated less regularly than Main).

If someone managed to access your comp then the history of sgw would be the last thing you would want to worry about.

I don't care much about my browser history (or my Ascended account, to be honest), I was just trying to help prevent it from happening to others - and, given enough time, someone will come complaining that their Ascended account was 'hacked', and this could be one of the reasons.

If you are so worried use chromes incognito or go wipe your history, cache, and cookies every so often.
[...] Now you know it exists you can hide it from the publics view when you enter it.

I don't want to quote my first post, so I'll just say that yes, I do know about it and what to do to avoid it (not to mention that it is unlikely anyone would have access to it) - but others might not. If one newbie will read this and understand it and learn something new, it will have been worth posting it.

Also, there are people that access it at public location, to which someone maybe able to login.

Exactly - while there isn't much of a chance of anyone going through my history on my laptop and I don't even think there are more than a couple of people in my city who play GW (and those I know quite well), it could be an issue for people in other places, so I thought I'd point this out, since I didn't find anything about it anywhere.