Since when do the devs do resurrections on request?

Re: Since when do the devs do resurrections on request?

Postby ElGato » Wed Sep 15, 2010 7:01 am

loftar wrote:The client itself never looks at the cleartext password at all beyond hashing it with SHA-256, and thus the server never sees cleartext passwords at all (except over HTTP, since that cannot be fixed other than by patching the web browsers themselves).

I wonder how, then, the goon client sends the password of the user to a web server.
burgingham wrote:We are all Gato, and Gato is Delamore of course. Goons blablabla...

Caradon wrote:Gato, the anti-ghandi

Sabinati wrote:yeah we're gonna kill you gato!!!

Re: Since when do the devs do resurrections on request?

Postby loftar » Wed Sep 15, 2010 7:21 am

Well; the client does, of course, know the password (since you typed it into it). The default client simply doesn't care more about it than that. The important part being that there's no part of security that requires the client to deal more with it than that.
"Object-oriented design is the roman numerals of computing." -- Rob Pike

Re: Since when do the devs do resurrections on request?

Postby Granger » Wed Sep 15, 2010 11:52 am

ElGato wrote:I wonder how, then, the goon client sends the password of the user to a web server.
Still no one has shown me the code in the client doing this.

Picture or it didn't happen.

Apart from that, the only things I really miss in the original client are:
- resizing of client window, the nice way how Gilbertus managed it
- option to disable music completely once and for all, from Pachos
- multiple toolbars (since 10 hotkeys are not enough) from Pachos
- nightvision and a modification to server enforcing the use of light sources to be able to interact with objects while in pitch black (to level the playing field and even resource consumption between people who like ambience, and the ones who don't want to destroy their RL vision when playing at ingame night)
- functioning ingame mapping system with export function (so bigger high-resolution maps can be stitched together by 3rd party tools)

In case this would get backported I (think not alone with this) would see no use in a modified client, thus ending the 'client x steals password for <faction>' debate.
⁎ Mon Mar 22, 2010 ✝ Thu Jan 23, 2020

Re: Since when do the devs do resurrections on request?

Postby ElGato » Wed Sep 15, 2010 1:23 pm

Granger wrote:
ElGato wrote:I wonder how, then, the goon client sends the password of the user to a web server.
Still no one has shown me the code in the client doing this.

Picture or it didn't happen.

Apart from that, the only things I really miss in the original client are:
- resizing of client window, the nice way how Gilbertus managed it
- option to disable music completely once and for all, from Pachos
- multiple toolbars (since 10 hotkeys are not enough) from Pachos
- nightvision and a modification to server enforcing the use of light sources to be able to interact with objects while in pitch black (to level the playing field and even resource consumption between people who like ambience, and the ones who don't want to destroy their RL vision when playing at ingame night)
- functioning ingame mapping system with export function (so bigger high-resolution maps can be stitched together by 3rd party tools)

In case this would get backported I (think not alone with this) would see no use in a modified client, thus ending the 'client x steals password for <faction>' debate.


Anyone that wishes to see the code, PM me.
I won't post it publicly.

Re: Since when do the devs do resurrections on request?

Postby Spiff » Wed Sep 15, 2010 3:04 pm

Granger wrote:
ElGato wrote:I wonder how, then, the goon client sends the password of the user to a web server.
Still no one has shown me the code in the client doing this.

Picture or it didn't happen.


Nah, it does. No shame in admitting it here. It's nothing underhanded, it's clearly posted at the top of the goon client download page:

Internet Safety Tip: Don't use the same password for Haven & Hearth as anywhere else. You are identified with your username and password to the Havengoons site to ensure that this tool remains goons-only.


It's not a difficult change. There are other clients out there doing the same that aren't so open with the fact. Just so folks know, unless you've been spying on goons and stealing our client a la Gato, your password is (mostly) safe :v

Re: Since when do the devs do resurrections on request?

Postby ElGato » Wed Sep 15, 2010 3:23 pm

Spiff wrote:
Granger wrote:
ElGato wrote:I wonder how, then, the goon client sends the password of the user to a web server.
Still no one has shown me the code in the client doing this.

Picture or it didn't happen.


Nah, it does. No shame in admitting it here. It's nothing underhanded, it's clearly posted at the top of the goon client download page:

Internet Safety Tip: Don't use the same password for Haven & Hearth as anywhere else. You are identified with your username and password to the Havengoons site to ensure that this tool remains goons-only.


It's not a difficult change. There are other clients out there doing the same that aren't so open with the fact. Just so folks know, unless you've been spying on goons and stealing our client a la Gato, your password is (mostly) safe :v

eh I wasn't spying on anyone. just looked through old irc logs and found where rage linked me to it.
and, I knew about the password thing so, I haven't logged in on it with any of my main accounts :/

Re: Since when do the devs do resurrections on request?

Postby DatOneGuy » Wed Sep 15, 2010 3:39 pm

The only issue I see here is that if the source is compromised (as it was) anyone can find out the website, so I suppose now everyone who uses it has to put their faith in that the website is 100% secure, and no website is 100% secure.


All their choice though, hopefully no one is stupid enough to have used a password for anything else.

Re: Since when do the devs do resurrections on request?

Postby Spiff » Wed Sep 15, 2010 3:47 pm

DatOneGuy wrote:All their choice though, hopefully no one is stupid enough to have used a password for anything else.


It's a convenient way for me to raise funds for my new yacht B-)

Re: Since when do the devs do resurrections on request?

Postby Avu » Wed Sep 15, 2010 9:30 pm

Why would anyone use your goon only client unless it had something no other client had like say macros?
"Since all men count themselves righteous, and since
no righteous man raises his hand against the innocent,
a man need only strike another to make him evil."

Re: Since when do the devs do resurrections on request?

Postby Spiff » Wed Sep 15, 2010 9:40 pm

Avu wrote:Why would anyone use your goon only client unless it had something no other client had like say macros?


Image

Or maybe because we've had things like multiple hotbars with resizable windows with improved vision toggles for weeks ahead of public clients. hmmmmm. I'll let you decide.