Jump to content

NattyMan0007

PC Member
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

0

About NattyMan0007

  • Rank
    Initiate

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Considering you've put in all this effort into Saryn, could you perhaps un-vault her prime so we can appreciate it, just for a lil' bit? @[DE]Rebecca
  2. Can we get a "build all" function for decorations in the dojo. That just adds up all the costs and we can contribute to them as a whole. If we don't fill up the required resources just start building the first decoration that has all their materials supplied. This would be super useful for people who have 100s of decorations and just want to play around first before committing to any builds. @[DE]Rebecca
  3. @[DE]Rebecca can we get the data serialized as JSON? Would make parsing it easier if we want to use this data elsewhere Thanks 🙂
  4. Question. Why is keeping passwords such a big deal? You should be storing them in a way that they're secure so that even if someone did get access to them they can't do anything with them. Take the MD5 hash of the password plus a random salt when the account is generated, store it, and compare to that on login. MD5 hashes are one way and adding a salt into it randomly secures it somewhat against brute-forcing. You don't really need an IP to validate ownership just use a session uid that expires in say, 10 minutes. Email a link containing that uid in a link as a URL param and validate that way. You could even keep a key in the browser cache that you check to see if it's the same browser that created the account. That still leaves email storage which you could just get rid once the account is verified and leave it as username/password login. That way technically all you're storing is a username which isn't classed as "personal information" (not sure about EU rules). Only permit the user to use the site once they're verified that way not just anyone can use it. Technically the same way it's set up now. I also don't get why storing a build is such an issue also. All you're doing is storing parameters for the UI to show a build the same way you'd store someone's settings on their computer so that a user can edit it. I don't see a need for things to be deleted permanently especially because a lot of people rely on previously created builds. There's a number of loopholes you can use to get around storing personal information. The EU is a sucker for this kind of stuff. Hope that gives you any alternatives. Source: Web/Software developer with adequate industry experience.
×
×
  • Create New...