00Eleanor00 Posted October 25, 2018
rough sketch of protection against hacking accounts
00Eleanor00 (Author) Posted October 25, 2018
(EN) First, the login is checked and the database is checked whether the user is logged in. A hardware id verification is added to the database if the verification is correct and the client’s mark is equal to the offline value then skip the client if not then skip and enter the verification via the verification server of the email with a request to send a random code if hardware id does not match and send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client to make an ajax with the prohibition of inserting a password so that improve safety by reading from the cache copy requests to send over some test servers with different coded packet then no packet sniffer will capture packets
(RU, translated) First comes the login, and the database is checked for whether the user is logged in; to this is added verification of the hardware id against the database. If the verification is correct and the client's flag equals the offline value, then let the client through; if not, then do not let it through and introduce a check through the email verification server with a request to send a random code. If the hardware id does not match, also send a warning from the server to the email that someone wants to log in, and send a random confirmation code to be confirmed in the client. Make an ajax with a ban on pasting the password, to raise the level of security against reading from the copy cache. Send requests through several checking servers with differently encoded packets; then no packet interceptors will intercept the packet.
Cindy Evanier Posted October 25, 2018
7 minutes ago, 00Eleanor00 said: rough sketch of protection against hacking accounts
Don't click dodgy looking links and put your password in
LittleMe Jewell Posted October 25, 2018
1 hour ago, 00Eleanor00 said: rough sketch of protection against hacking accounts
59 minutes ago, 00Eleanor00 said: (EN) First, the login is checked and the database is checked whether the user is logged in. A hardware id verification is added to the database if the verification is correct and the client’s mark is equal to the offline value then skip the client if not then skip and enter the verification via the verification server of the email with a request to send a random code if hardware id does not match and send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client to make an ajax with the prohibition of inserting a password so that improve safety by reading from the cache copy requests to send over some test servers with different coded packet then no packet sniffer will capture packets
Confused -- Are you asking a question or trying to give information?
Edited October 25, 2018 by LittleMe Jewell
00Eleanor00 (Author) Posted October 25, 2018
Thanks for the remark
Edited October 25, 2018 by 00Eleanor00
Selene Gregoire Posted November 9, 2018
On 10/25/2018 at 9:35 AM, 00Eleanor00 said: send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client
This would be a really good way to kill SL. People are not going to want to have to verify every time they log into SL. Especially those who find it necessary to log in/out several times a day.
bigmoe Whitfield Posted November 16, 2018
On 11/9/2018 at 9:51 AM, Selene Gregoire said: This would be a really good way to kill SL. People are not going to want to have to verify every time they log into SL. Especially those who find it necessary to log in/out several times a day.
I think a few big content creators would want it, since they have so much tied up in SL.
Drake1 Nightfire Posted November 16, 2018
42 minutes ago, bigmoe Whitfield said: I think a few big content creators would want it, since they have so much tied up in SL.
So, every time we crash we have to enter a confirmation code? Screw that. I log in and out 4 or 5 times a day... That's crazy to implement. You think LL wants to code something like that? I can just picture a code error that sends thousands of emails to every user..
Wulfie Reanimator Posted November 16, 2018
8 hours ago, Drake1 Nightfire said: So, every time we crash we have to enter a confirmation code? Screw that. I log in and out 4 or 5 times a day... That's crazy to implement. You think LL wants to code something like that? I can just picture a code error that sends thousands of emails to every user..
This kind of verification is EXTREMELY common and easy to implement these days. It doesn't have to be done on every login, the confirmation could only be done once per device and/or once every X hours/days.
Drake1 Nightfire Posted November 16, 2018
44 minutes ago, Wulfie Reanimator said: This kind of verification is EXTREMELY common and easy to implement these days. It doesn't have to be done on every login, the confirmation could only be done once per device and/or once every X hours/days.
Most sites that I have seen with this use it every time you log in to the site. It's a pain in the butt, which is why I rarely use them. What's the point? You have a secure password, don't you? Why do we need to enter a code? The biggest protection against getting "hacked" (which doesn't and never has happened in SL, people log in to a bogus SL site.. That's stupidity not hacking.) is not logging in your details to any bogus site. No one has had their account actually hacked through the LL servers.
Qie Niangao Posted November 16, 2018
13 minutes ago, Drake1 Nightfire said: Most sites that I have seen with this use it every time you log in to the site. It's a pain in the butt, which is why I rarely use them.
I have never seen this, and every financial services and telecom company I deal with online uses a form of 2FA. Every one. It's completely transparent to me after the first exchange of credentials on a particular device. Done right, that is. If the multi-factor challenge is being presented more than once per device, somebody truly did not understand what they were doing, actually decreasing security in the process.
Wulfie Reanimator Posted November 16, 2018
29 minutes ago, Drake1 Nightfire said: Most sites that I have seen with this use it every time you log in to the site. It's a pain in the butt, which is why I rarely use them. What's the point? You have a secure password, don't you? Why do we need to enter a code? The biggest protection against getting "hacked" (which doesn't and never has happened in SL, people log in to a bogus SL site.. That's stupidity not hacking.) is not logging in your details to any bogus site. No one has had their account actually hacked through the LL servers.
So you're saying "stupid people" deserve their accounts getting broken into? Now that is prime stupidity.. And that's not even the only way to have it happen. Using the same password on multiple sites and any one of those sites getting hacked (which DOES happen, and LL doesn't have any special immunity) puts all of your accounts at risk. But I guess that just falls into stupidity in your books too, as well as getting a virus or man-in-the-middle attacks, or any possible way your password might be exposed.
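As an added illustration (not code from any poster or from Linden Lab), here is a minimal sketch of the flow discussed in this thread: a random code is emailed only when a login comes from an unrecognized device, and a confirmed device is then trusted for a fixed period instead of being challenged on every login. The class name, the in-memory stores, the `outbox` stand-in for a mail server and the TTL values are all assumptions.

```python
import hashlib
import hmac
import secrets

TRUST_TTL = 30 * 24 * 3600   # assumed: re-verify a device every 30 days
CODE_TTL = 10 * 60           # assumed: emailed code is valid for 10 minutes
MAX_TRIES = 5                # assumed: wrong guesses allowed per code

class StepUpLogin:
    """Hypothetical server-side check, run after the password has passed."""
    def __init__(self):
        self.trusted = {}    # (user, device_id) -> time at which trust expires
        self.pending = {}    # (user, device_id) -> [code_hash, expiry, tries_left]
        self.outbox = []     # stand-in for the mail server: (user, message)

    @staticmethod
    def _hash(code):
        return hashlib.sha256(code.encode()).digest()

    def login(self, user, device_id, now):
        # device_id is whatever identifier the server holds for this client
        key = (user, device_id)
        if self.trusted.get(key, 0) > now:
            return "allow"                        # known device, still trusted
        code = f"{secrets.randbelow(10**6):06d}"  # random 6-digit code
        self.pending[key] = [self._hash(code), now + CODE_TTL, MAX_TRIES]
        self.outbox.append((user, f"New device login attempt. Code: {code}"))
        return "challenge"

    def confirm(self, user, device_id, code, now):
        key = (user, device_id)
        entry = self.pending.get(key)
        if entry is None or now > entry[1]:
            self.pending.pop(key, None)           # no code issued, or it expired
            return False
        if not hmac.compare_digest(entry[0], self._hash(code)):
            entry[2] -= 1
            if entry[2] <= 0:
                del self.pending[key]             # too many guesses: burn the code
            return False
        del self.pending[key]                     # codes are single use
        self.trusted[key] = now + TRUST_TTL
        return True
```

The emailed message doubles as the warning that someone is trying to log in from a new device; only a hash of the code is kept server-side, and guesses are capped so the 6-digit space cannot be walked.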