Page 1 of 3 123 LastLast
Results 1 to 15 of 32

Idea to make Hacking Impossible

This is a discussion on Idea to make Hacking Impossible within the General Chat forums, part of the Knight Online (ko4life.com) category; Maybe not impossible but just extremely hard. Okay, lets say that they did manage to get your ID and PW ...
Page: 1


  1. #1
    Road
    Guest

    Default Idea to make Hacking Impossible

    Maybe not impossible but just extremely hard. Okay, lets say that they did manage to get your ID and PW and they proceeded to hacking you. Then they try to select character and then another PW screen shows up! This isn't failsafe of course. Like you guys will still be scammed by people you thought you trusted with your info, but it will still make hacking from random people VERY hard. I think they need to add a PW to use that slot. Left slot can have PW, center slot, then right slot. And you make this PW when you registor, and you can change it (and view it) after you registor ONLY after putting in your secret question.

  2. #2
    ViSeH
    Guest

    Default

    But if they hack db they could still see it! It has to be stored somewere you know :rollseyes:

  3. #3
    __countess__
    Guest

    Default

    No i have another idea, let's make them to add another 12 password entries, so everytime you want to login you'll have to write the story of your life.

    /Sarcasm

    P.S. Sorry i usually don't do that but couldn't help it :P

  4. #4
    OneShot
    Guest

    Default

    it's better to encrypt the password on the DB and having a pass through algorythm to match if pwd entered is equal to the one stored... but they have to protect the algorythm...

    it's better to have GM's and/or constables always online and bann ppl on the fly, after permanent bann just delete all their stuff and delvl to -1.

  5. #5
    __countess__
    Guest

    Default

    Originally posted by ViSeH
    But if they hack db they could still see it! It has to be stored somewere you know *:rollseyes:
    And please oh please stop with the db-hack thing,it's a myth, if they did actually hack the db they wouldn't need yours or my items, they could just edit whatever items they wanted.

    Hacking of accounts occurs from sharing your account info, 3rd party programs, keyloggers and stupid bugs from patch to patch.

  6. #6
    H4mmeR
    Guest

    Default

    Any pernament PW must be stored in database.So if there ever was DB hack , adding more PWs wont help anyway.
    As way can be something like E-singature.Like u put ur ID,PW then system send unigue code to ur own E-mail.
    Then u in next step put this just genetared code to log in.But many ppl doubt if there was DB hack.And nothing can make u save from your own friends which shared ur acc.
    Sure u ll need to put this system in launcher and at sites also since u can change E-mail in sites.
    Anyway all this topic are pointless and useless.K2 wont take any suggestion made here.

  7. #7
    Senior Member
    Join Date
    Mar 2006
    Posts
    568

    Default .

    newbie shit to store password in the database, they should store the hashcode generated by the password, so only if u know the password u will be able to change it, hack database? only to see "#$"#$@@wetr345 and shit like that :P


    btw, whats going on atm?

  8. #8
    Doc
    Guest

    Default Re: .

    Originally posted by kohack
    newbie shit to store password in the database, they should store the hashcode generated by the password, so only if u know the password u will be able to change it, hack database? only to see "#$"#$@@wetr345 and shit like that * *


    btw, whats going on atm?
    Agreed about storing hash at least it takes longer to decrypt

    Not much going on atm "you still gay" lol

  9. #9
    Road
    Guest

    Default

    I never said the PW was Only stored ingame. You have the OPTION of making a PW to use that character slot. So when you feel like it. I could go to the website and make that PW and a BF hacker would be unable to log onto any of my slots w/o a PW, meaning he CAN'T steal my stuff. Understand now guys?

  10. #10
    lusian
    Guest

    Default

    Originally posted by __countess__
    No i have another idea, let's make them to add another 12 password entries, so everytime you want to login you'll have to write the story of your life.
    lol

  11. #11
    ViSeH
    Guest

    Default

    Nope it would still need to be somewere *cough* *cough* DB oh and about editing that is totaly bullshit you could edit cypher ( bera for a while ) and never could ares dies etc
    oh and some people could somehow edit other servers and I got no idea how!

  12. #12
    h4x0r Admin Devile's Avatar
    Join Date
    Mar 2006
    Posts
    2,554

    Default

    No offense Road, I know your ideas are meant to "improve" the game, but seriously, they don't.

    This kind of ideas are the ones that usually K2 follows. Patch over a patch instead of fixing a problem in a serious/professional way.

    The way to make hacking accounts impossible is just storing passwords encrypted in the database, isolating that DB from any external attack and recoding the website so there's no possible way to SQL inject anything into the DB, maybe even pair their firewall with an IDS so its even more secure. Also the website should validate every change in your account through email. PB should BLOCK all hacking tools that try to inject DLLs to KO just like HS did and start adding hardware bans so cheaters see they take cheating seriously.

    That's all. No need to reinvent the wheel or add annoying features. Its just plain old school PROFESSIONAL way of dealing with problems.

  13. #13
    Phosgene
    Guest

    Default

    Originally posted by Devile
    Also the website should validate every change in your account through email.
    ive been thinking on that too .
    everytime u change the pw it dont get changed till u verify urself through email .

  14. #14
    h4x0r Admin Devile's Avatar
    Join Date
    Mar 2006
    Posts
    2,554

    Default

    Is not just the PW. EVERYTHING.

    U change the contact info, then it should send an email saying "Hi, we recieved a change info request, to approve it, click in this long ass URL with an activation key if u didnt, please ignore this email". After the job is done another email with "Your info was changed". Same for pw, email and every operation.

    So u really have control over that interface and know whenever anyone is messing with it.

  15. #15
    ViSeH
    Guest

    Default

    The ip of the person who reqested should be added along with it

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •