Re: An appology to all
I am not sure of this developer's background with respect to their experience or inexperience. However, everyone learns through mistakes. It could just be that this developer is not fully aware of password hashing to make passwords secure, and one person cannot possibly think of everything, especially if this is their first time in the developer world.
I agree with the posts condemning this apology, however. Even for something like TDV where the user enters a password, the passwords are put through a one-way hash and stored that way. Although these are just games, it is true that the developer should not depend on users to make their software secure. When you enter your password into a website or application, you lend trust to the developer that such information is stored in as secure a manner as possible.
For instance, with TDV, when someone connects to the server, they are sent through an SSL connection when they supply their password. Why? Because in this case hashing does not prevent packet sniffers from gaining potentially sensitive data.
Developers should always be mindful that users can (and will) use sensitive passwords on gaming websites.
This might have just been an honest mistake and we can hope that the developer in question has gained (or is in the process of gaining) valuable skills--password encryption.
There are commercial websites that store passwords in plaintext so I don't think the developer should be slaughtered for it. They just need to be mindful, and perhaps they were honestly made aware of something that did not occur to them before.
_______________________________________________ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
