Created 3,264 Days Ago
Hello.

I was about to test this game and see what it was all about. When I was registering my internet actually crapped out and it dropped.
I noticed however there is totally no encryption on this website. Not even client-side to send the passwords.
Let alone they are using the GET protocol to send a REGISTER form to the server instead of POST (really).

Enough with my little rant here.
I think the security of this website can be improved and they can use some encryption. I hope the devs will look at this.

Screenshot as proof:
http://snag.gy/bUE1U.jpg

PS.
I think this is major because I don't believe there is encryption used at the webserver as well. With one hack of this dear game (which is probably possible with this lack of security) your dear passwords, emails and usernames are just in the open for any evil hacker.



Posted 3,264 Days Ago
Not sure why he used GET functions as opposed to POST for it myself, but as far as I know, all passwords are MD5'd upon registration (meaning they are not even stored in the database in "normal" format, and are encrypted to the standard SHA256 or 512 and it's likely only used just for the registration page itself; which is not a big deal).

I could be wrong on that, but it's a pretty standard practice for web development to MD5 / salt / encrypt your passwords in the database in case a hack or something similar does occur.

Posted 3,263 Days Ago
As LegendK1ll3r said, all passwords are well encrypted within the database, there is no issue there. Once the password is submitted to the login / registration page, it is encrypted and checked against the database. There is a reason for using GET rather than POST, mostly just something that's needed for how a part of the system works. I'll probably look into a way to be able to use POST sometime in the future, but it's not a big issue at the moment. Everything should be pretty secure. Please feel free to contact me at [email protected] if you would like to discuss anything further. Thanks!
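
An added example, not part of the thread and not the game's own code: a form submitted with GET carries its fields in the URL query string, which web servers record in their access logs whatever hashing the database applies later. This Python check finds and redacts such fields in log lines; the field names, the `/register.php` path and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed names of sensitive form fields; adjust to the real registration form.
SENSITIVE = {"password", "pass", "passwd", "pwd", "email"}

# Request part of a common/combined log format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample log lines (hypothetical paths, documentation IP addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2015:10:00:00 +0000] "GET /register.php?username=bob&password=hunter2&email=bob%40example.test HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2015:10:00:05 +0000] "POST /register.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2015:10:01:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 1024',
]

def find_leaks(line):
    """Return the sorted sensitive parameter names present in the logged URL."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)

def redact(line):
    """Return the log line with sensitive query values replaced by [REDACTED]."""
    m = REQUEST_RE.search(line)
    if not m:
        return line
    parts = urlsplit(m.group("target"))
    pairs = [(k, "[REDACTED]" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    target = parts._replace(query=urlencode(pairs, safe="[]")).geturl()
    return line[:m.start("target")] + target + line[m.end("target"):]

def scan(lines):
    """Return (line_number, leaked_names, redacted_line) for each leaking line."""
    return [(n, find_leaks(l), redact(l))
            for n, l in enumerate(lines, 1) if find_leaks(l)]

if __name__ == "__main__":
    for number, names, safe_line in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(names)} in query string")
        print(f"  {safe_line}")
```

The POST line produces no finding because its fields travel in the request body, which standard access log formats do not record.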