Jump to content
00Eleanor00

problemma hacking accounts

Recommended Posts

(EN)

first, the login is checked and the database is checked whether the user is logged in. A hardware id verification is added to the database if the verification is correct and the client’s mark is equal to the offline value then skip the client if not then skip and enter the verification via the verification server of the email with a request to send a random code if hardware id does not match and send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client to make an agjax with the prohibition of inserting a password so that improve safety by reading from the cache copy requests to send over some test servers with different coded packet then no packet sniffer will not capture packets

(RU)

сначала идет логин и проверяется база данных вошел ли пользователь к этому добавляется верификация hardware id с базой данных если верификация правильная и пометка клиента равна значению офлайн тогда клиент пропустить если нет тогда не пропускать и ввести проверку через сервер верефикации эмейла с запросом на отправку рандомного кода если hardware id не совпадает и присылать на эмайл с сервера предупреждение что кто то хочет войти и выслать рандомный код подтверждения для его подтверждения в клиенте сделать аджакс с запретом вставки пароля что бы повысить уровень безопасности от считывания из кеша копирования запросы слать через несколько проверочных серверов с разными кодированными пакетами тогда никакие перехватчики пакетов не будут перехватывать пакет 

Share this post


Link to post
Share on other sites
7 minutes ago, 00Eleanor00 said:

rough sketch of protection against hacking accounts

Don't click dodgy looking links and put your password in

  • Like 2

Share this post


Link to post
Share on other sites
1 hour ago, 00Eleanor00 said:

rough sketch of protection against hacking accounts

 

59 minutes ago, 00Eleanor00 said:

(EN)

first, the login is checked and the database is checked whether the user is logged in. A hardware id verification is added to the database if the verification is correct and the client’s mark is equal to the offline value then skip the client if not then skip and enter the verification via the verification server of the email with a request to send a random code if hardware id does not match and send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client to make an agjax with the prohibition of inserting a password so that improve safety by reading from the cache copy requests to send over some test servers with different coded packet then no packet sniffer will not capture packets

 


Confused -- Are you asking a question or trying to give information?

 

Edited by LittleMe Jewell

Share this post


Link to post
Share on other sites
On 10/25/2018 at 9:35 AM, 00Eleanor00 said:

send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client

This would be a really good way to kill SL. People are not going to want to have to verify every time they log into SL. Especially those who find it necessary to log in/out several times a day.

Share this post


Link to post
Share on other sites
On 11/9/2018 at 9:51 AM, Selene Gregoire said:

This would be a really good way to kill SL. People are not going to want to have to verify every time they log into SL. Especially those who find it necessary to log in/out several times a day.


I think a few big content creators would want it, since they have so much tied up in sl. 

Share this post


Link to post
Share on other sites
42 minutes ago, bigmoe Whitfield said:


I think a few big content creators would want it, since they have so much tied up in sl. 

So, every time we crash we have to enter a conformation code? Screw that. I log in and out 4 or 5 times a day... Thats crazy to implement. You think LL wants to code something like that? I can just picture a code error that sends thousands of emails to every user.. 

Share this post


Link to post
Share on other sites
8 hours ago, Drake1 Nightfire said:

So, every time we crash we have to enter a conformation code? Screw that. I log in and out 4 or 5 times a day... Thats crazy to implement. You think LL wants to code something like that? I can just picture a code error that sends thousands of emails to every user.. 

This kind of verification is EXTREMELY common and easy to implement these days. It doesn't have to be done on every login, the confirmation could only be done once per device and/or once every X hours/days.

Share this post


Link to post
Share on other sites
44 minutes ago, Wulfie Reanimator said:

This kind of verification is EXTREMELY common and easy to implement these days. It doesn't have to be done on every login, the confirmation could only be done once per device and/or once every X hours/days.

Most sites that i have seen with this use it every time you log in to the site. Its a pain in the butt, which is why I rarely use them. 

Whats the point? You have a secure password, don't you? Why do we need to enter a code?  The biggest protection against getting "hacked"(which doesn't and never has happened in SL, people log in to a bogus SL site.. Thats stupidity not hacking.) is not logging in your details to any bogus site. No one has had their account actually hacked through the LL servers. 

  • Like 1

Share this post


Link to post
Share on other sites
13 minutes ago, Drake1 Nightfire said:

Most sites that i have seen with this use it every time you log in to the site. Its a pain in the butt, which is why I rarely use them. 

I have never seen this, and every financial services and telecom company I deal with online uses a form of 2FA. Every one. It's completely transparent to me after the first exchange of credentials on a particular device. Done right, that is. If the multi-factor challenge is being presented more than once per device, somebody truly did not understand what they were doing, actually decreasing security in the process.

Share this post


Link to post
Share on other sites
29 minutes ago, Drake1 Nightfire said:

Most sites that i have seen with this use it every time you log in to the site. Its a pain in the butt, which is why I rarely use them. 

Whats the point? You have a secure password, don't you? Why do we need to enter a code?  The biggest protection against getting "hacked"(which doesn't and never has happened in SL, people log in to a bogus SL site.. Thats stupidity not hacking.) is not logging in your details to any bogus site. No one has had their account actually hacked through the LL servers. 

So you're saying "stupid people" deserve their accounts getting broken into? Now that is prime stupidity..

And that's not even the only way to have it happen. Using the same password on multiple sites and any one of those sites getting hacked (which DOES happen, and LL doesn't have any special immunity) puts all of your accounts at risk.

But I guess that just falls into stupidity in your books too, as well as getting a virus or man-in-the-middle attacks, or any possible way your password might be exposed.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...