Page 1 of 1
Password for log in not case sensitive
Posted: Fri May 09, 2008 1:34 pm
by Dark Lord Shaitan
Maybe I am wrong with this, but I always thought the passwords we put in were case sensitive. At work, our comps are set with caps locked, and well went through the usual log in, and it went through.
Re: Password for log in not case sensitive
Posted: Fri May 09, 2008 3:06 pm
by Juliette
Thought they always were case-insensitive?
Re: Password for log in not case sensitive
Posted: Fri May 09, 2008 3:07 pm
by Dark Lord Shaitan
I always thought they were case sensitive for players security from possible "hacks." If not then maybe they should be?
Re: Password for log in not case sensitive
Posted: Fri Aug 08, 2008 5:07 pm
by Dark Lord Shaitan
I have brought this issue back to the first page, since I remember telling admin about it in a meeting a few months back and that he would look into it. And it seems that it still has not been worked on, or changed.
Re: Password for log in not case sensitive
Posted: Sat Aug 09, 2008 3:24 am
by Child of the wolf
SGW pass words have never been case sensitive, though yes, I think they should be as well.
Re: Password for log in not case sensitive
Posted: Sun Aug 10, 2008 3:38 am
by Harlequin
Case insensitivity suggests that the passwords are either converted to entirely lowercase and hashed and the password you enter into the login form converted+hashed; or they are stored their raw form.
The latter means that the password you use for SGW can be read by anyone with database access, legally or otherwise.
The former is not without faults, either. Any attacker is safe in the knowledge that case is irrelevant, thus excluding 26 possible characters from their search. This is quite a serious issue, and I hope it is addressed by the admin.