WARNING THREAD LOGINS OUT OF SYNC WITH GAME LOGINS
Posted: Wed Nov 24, 2004 5:44 pm
by zumwalt
The login for the threads used to be in sync with the accounts; this is no longer the case. My old login is still working on the forums, whereas my new login is working in game.
Re: WARNING THREAD LOGINS OUT OF SYNC WITH GAME LOGINS
Posted: Wed Nov 24, 2004 6:10 pm
by cerest
Well, I checked with the forum gurus and they said that this would happen if the password got changed before the forums were back up. If you would like the logins to match then you can change them again in your profile on the main site. Sorry about that, we were unaware that this would happen.
Re: WARNING THREAD LOGINS OUT OF SYNC WITH GAME LOGINS
Posted: Wed Nov 24, 2004 6:15 pm
by zumwalt
On a side note, why are the forums not also SSL, since the logins do sync (if done like you said)? Currently they're passed plain text back and forth from the client to the PHP server; it's logical to think that if someone was lame enough to try to break the system they will also put a packet sniffer on the encoding to detect login credentials.
I would like to see the locked key on my Internet Explorer window for the entire site, knowing now that you all are under some lame brain's idea of fun to hack.
Re: WARNING THREAD LOGINS OUT OF SYNC WITH GAME LOGINS
Posted: Wed Nov 24, 2004 10:30 pm
by hubba1
Zumwalt's last post is the key issue.
Cerest, let your programmers understand that they only have two choices that provide improved security from here.
1) Put the Forum Login page on SSL so that a "lock" shows up on the page and no one can sit out in cyberspace trying to sniff your packets and learn your log-in username and password which also are your game log-in and password. Or ...
2) Allow players to assign a different username and password to the forum log-in procedure than for game log-in. Or ...
3) Do both
Now, I hate to tell you this but even when I was an outsider not yet a member playing the game I said to myself, that's a problem.
Anarchy Online changed the method for their forums for the very same security concerns. Sony Online Entertainment makes its Station Name Passport Usernames and passwords different from those used to get into the game.
Point is .... this is not a new concept. I appreciate your programmers' quick action and decision to err on the side of caution and take down the website to protect our customer information, etc. Bravo. But the current issue, if correctly stated by Zumwalt, of the forum using the same username and password on an insecure log-in to forum page, as the one we use to securely log in to the game, is in itself an obvious security breach.
To reiterate, if a guy with a packet sniffer picks up that information during forum log-in, he has the game log in info as well, from which he can hijack not only your gameplay but your account info as well.
So let's take it to the next step, shall we? Make the forum log-in SSL secure (encrypted "lock" page) or ... allow us to assign from the account feature an alter-ego name and password for the forums.
By the way, this is supposed to be standard operating procedure nowadays for online games, although some don't do it yet. Nevrax should want to show that it has learned from history and knows the basic context of the times we live in.
Secure the forums: either desync the log-ins for Forum and Game use, or SSL the forum log-in and site. My guess is that the first concept is simpler and will save on bandwidth.
This is the first time I've actually seen the Nevrax devs seem a bit uninformed and behind the curve in the MMORPG field. Let's remedy that as soon as possible.
Have a nice day.