Sh0ckw4ve Posted April 13, 2013 Posted April 13, 2013 I recently began the development of a browser-based game engine from scratch in PHP using MongoDB as a database back-end, in the hopes of building an engine that is cleaner, more maintainable/extensible, more scalable and more secure than many current commercially available engines. I am developing it as a base on top of which I am building my own text-based game (http://www.overloadgame.com), which you can check out if you want to give the engine a little spin. http://i.imgur.com/3gPXrS0.png http://i.imgur.com/ccC4Teo.png I am aware that the game is lacking in many features you would normally expect, but the point was more as a technical demonstration of the underlying engine framework, rather than an actual fully-featured game. In addition, although there are some design aspects that are loosely taken from it, I am trying wherever possible to transition away from the stereotypical MCCodes-derived text-based game atmosphere into something new and more interesting. If I can get the current (alpha) version of the engine complete and in a vaguely usable state, I'll probably start releasing incremental builds of the codebase for other people to use to build their own games on top of. Quote
Sh0ckw4ve Posted April 13, 2013 Author Posted April 13, 2013 "you have at least 2 games running it" Surely that explains why I dislike it :P Quote
Sh0ckw4ve Posted August 2, 2015 Author Posted August 2, 2015 It doesn't use MongoDB, it uses plaintext files which store your passwords in plaintext. I just hacked the site and found Sh0ckw4ve's password in it and go figure, he used the same password on these forums too. Always use unique, randomly generated passwords anytime you sign up to anything. Quote
SecurityEh Posted October 19, 2015 Posted October 19, 2015 I cry every tim, but really plain text passwords this is 2015 people and yet md5 and plain text passwords are still a thing xD. There's only a certian few that I know use sha512/sha256 :) Quote
IllegalPigeon Posted October 19, 2015 Posted October 19, 2015 There's only a certian few that I know use sha512/sha256 :) Can you please inform them that they are also doing it wrong? Quote
SecurityEh Posted October 21, 2015 Posted October 21, 2015 Can you please inform them that they are also doing it wrong? Myself and TheMasterGeneral have already done so, However I would like to point out that many people still use md5 or plain text and for the majority of people that play said game would not know so in the event of a possible compromise it everyone's password's would be exposed and abused. Quote
IllegalPigeon Posted October 21, 2015 Posted October 21, 2015 Myself and TheMasterGeneral have already done so, However I would like to point out that many people still use md5 or plain text and for the majority of people that play said game would not know so in the event of a possible compromise it everyone's password's would be exposed and abused. I'm just informing you that "sha512/sha256" is also incorrect and, in the grand scheme of things, not secure. They are not much better than md5, strictly speaking. Quote
SecurityEh Posted October 21, 2015 Posted October 21, 2015 I'm just informing you that "sha512/sha256" is also incorrect and, in the grand scheme of things, not secure. They are not much better than md5, strictly speaking. I agree sha256/sha512 are not 100% secure although slightly better then having no hash I suppose and yeah give someone enough time with a GPU and a decent wordlist would make most brainwallet passwords that are hashed with say sha256 easily beaten. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.