Larian Banner
Previous Thread
Next Thread
Print Thread
Issues with forum. #671208
29/07/20 10:05 AM
29/07/20 10:05 AM
Joined: Jul 2020
Posts: 2
H
Herbzmoka Offline OP
stranger
Herbzmoka  Offline OP
stranger
H

Joined: Jul 2020
Posts: 2
As a fan of the studio, and a gamer looking forward to BG3, I made an account here. Quite frankly I am pretty shocked by the sloppy security protocols implemented here.

I want to raise the following issues, ofcourse in the hopes that these will be fixed (and imo they should be!).

1) No https for the forums, seriously? I am on holiday in a less-than-privacy-friendly country, and my first thought was the govt was mass-MITMing public traffic. Imo this is below ANY standard.
2) Plaintext passwords in email? Are you kidding me? I don't think I need to explain this one.
3) Only 20 characters for the passwords? Should be expanded a LOT imo.

These things combined makes me think that the website might not have been kept up to date as well as should be.
And to think I only tried to register here to let my voice be known for a Linux version of BG3!
Pretty negative first post, I understand that but... I feel these issues had to be raised, and level up the website along with your game design!

I appreciate all the hard work you guys have put into your game(s) and would say, keep it up!

Re: Issues with forum. [Re: Herbzmoka] #671247
29/07/20 09:20 PM
29/07/20 09:20 PM
Joined: Mar 2003
Posts: 27,611
Canada
Raze Offline

Larian Studios
Raze  Offline

Larian Studios

Joined: Mar 2003
Posts: 27,611
Canada

There are plans to update the forum, including for better security (the main issue with changing the forum software is concern over reliably migrating all of the existing content, since 2003).
After emailing (admittedly not current best practice), the passwords are hashed and only the hash is stored.

Re: Issues with forum. [Re: Herbzmoka] #671308
31/07/20 02:07 PM
31/07/20 02:07 PM
Joined: Jul 2020
Posts: 2
H
Herbzmoka Offline OP
stranger
Herbzmoka  Offline OP
stranger
H

Joined: Jul 2020
Posts: 2
I am happy to hear that you are aware and agree things could be better! And ofcourse also that there is plans for improvement smile Admittedly 20 characters passwords is kinda 2000s laugh

That said, no SSL is imo really an issue, hopefully you'll take that along in the upgrade at least, even tho I really see no reason at all not to have a cert for anything these days smile

Last edited by Herbzmoka; 31/07/20 02:09 PM.

Moderated by  Dom_Larian, Larian_QA, Lar_q, Lynn, Macbeth, Raze 

Powered by UBB.threads™ PHP Forum Software 7.6.2