Are email accounts also viewable by the same token?

Email accounts have to be unencrypted, otherwise you wouldn't be able to reset your password if you forget it. I doubt any site encrypts them. Unless, of course, it's a two-way encryption, in which case those with access to the source code could simply decrypt it when and as they please; the decryption is simply to prevent those who catch the information as it is sent from the script (at least I think so; I know nothing about how hacks work). If the problem is with admin access to the details, then the issue is of whether or not the details are permanently encrypted. Which, we are told, is now the case with passwords.

Ah well if stjimmy meant no harm to you then I guess we're all overreacting here then JamesTiberiusKirk.

Or, maybe you need to get a check on that self importance of yours just there.

Right, because "overreacting" was exactly what I meant there pal.

Kudos to you for twisting my words, though.

Yeah but 'I am on my own side'? sounds like you watch quite a lot of movies, or want to cast yourself as the hero in one.

You missed the point Awesome.

I would hate to imagine a screen that can be accessed by admins that showed the username, characters name, IRC nick, password and email account all together.

Downloading all of that info which is a simple copy and paste into notepad could be detrimental to alot of peoples email security.

Perhaps I did twist your words a little there Kirk, but you made it abundantly clear that you don't really give a shit about the rest of the userbase provided everything's hunky dory on your end. :/

El_Nino, grouping the username, email, and (one-way encrypted) password in one table is a very efficient means of account control. I would say that every single website to which users can register will have this set-up. And some would even add to this addresses, birth-dates, and phone numbers (and if not included in the same table, would be contained in a different table with rows that relate to the ID/Username of the other).

If you don't trust those with access to the database, then you shouldn't sign up to any website. What really needs to be asked is "which administrators do you trust with your personal information"? All the developers and coders (Mario, Squishy, FullMetal, and Anubis) would have to have access to develop and code. And according to the Directory page, so too does Ganelon. Do you trust these people? If so, do you trust the Assistants less?

If you don't trust them then it would be best to leave. And ask for your personal details to be removed. I'm sure they would obliged to do so. And the same with every other website.

Awesome, Nino referred to a "screen" displaying all that information in one place (presumably he was referring to assistants, not coders). That is very different from a database table, where obviously related information is stored in the same place.

Regarding trust. I would trust the position of developer/coder with this information (presuming encrypted passwords), but assistants are something else entirely and, in my opinion, shouldn't have access to any sensitive information (I include any chief assistant in that).

Note, I'm not saying there's anything wrong with the MR assistants, the ones I know are more than trustworthy, I'm talking merely about role semantics.

Perhaps I did twist your words a little there Kirk, but you made it abundantly clear that you don't really give a shit about the rest of the userbase provided everything's hunky dory on your end. :/

Reply by: Noah-Levenstein at Sep 07, '09 04:24

I would like to take a moment to clarify, everything IS hunky dory on Mr. Kirk's end. Rawr.

thanks. password changed

El_Nino, grouping the username, email, and (one-way encrypted) password in one table is a very efficient means of account control. I would say that every single website to which users can register will have this set-up. And some would even add to this addresses, birth-dates, and phone numbers (and if not included in the same table, would be contained in a different table with rows that relate to the ID/Username of the other).

First line bracketed words. one-way encrypted. If the password is encrypted and in one table with my email address I dont really care all that much, however if its on a page with an unencrypted password its an entirely different issue. I'm sure you would agree with that.

First line bracketed words. one-way encrypted. If the password is encrypted and in one table with my email address I dont really care all that much, however if its on a page with an unencrypted password its an entirely different issue. I'm sure you would agree with that.

Not really for me. The password I use for really important stuff -- email and laptop, for example -- is different to the 3 I use for websites. I trust the Hotmail staff not to use my password for the simple reason that they wouldn't need to; and the same with the MR staff with my MR password. Yes, I use the same password for a few other sites, but there's no way they could know which ones and what username I'd use. Not that it would matter, because they're not sites that would cause me harm if they were hacked into.

you can change it back to your old password, no?

You could when changing it twice however thats not advisable since the person who got unauthorized access could see everyones password.... so changing it back to your old would not solve the problem. So choose a new password.

Not really for me. The password I use for really important stuff -- email and laptop, for example -- is different to the 3 I use for websites.

With respect, whether it's an issue for you personally doesn't alter the fact it's a security issue.

That is true, yes. I misunderstood El_Nino's question, and thought he was asking if it was a specific problem for me, personally.

Perhaps I did twist your words a little there Kirk, but you made it abundantly clear that you don't really give a shit about the rest of the userbase provided everything's hunky dory on your end. :/

Reply by: Noah-Levenstein at Sep 07, '09 04:24

I would like to take a moment to clarify, everything IS hunky dory on Mr. Kirk's end. Rawr.

Reply by: Schism at Sep 07, '09 08:34

Thanks :-) Everything sure is fine

and if i did register yesterday im not in danger? =)

Yeah Calleux, it won't affect your account. So you're safe, safe as houses.