Project 1999

Go Back   Project 1999 > General Community > Technical Discussion

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #11  
Old 05-04-2011, 10:41 AM
Rogean Rogean is offline
¯\_(ツ)_/¯

Rogean's Avatar

Join Date: Oct 2009
Location: Massachusetts
Posts: 5,392
Default

Quote:
Originally Posted by naekko [You must be logged in to view images. Log in or Register.]
Sorry, I'm a little slow Rogan! How do they change the e-mail address on the EQEmu account if you require them to click a link on the current e-mail address to change it.

Hacker gains access to EQemu account, tries to request a password for login server -> e-mail sent to current e-mail account (which he doesn't have access to).

Hacker tries to change e-mail address of current EQemu account -> e-mail sent to current e-mail account to confirm

In all of this he needs the current e-mail account to do anything right? I know you were worried about vulnerabilities in Vbulletin when you designed the EQEmu system, but I think forum + e-mail is as far as you should have to take it. In the end it's the users responsibility and if they use the same password for everything and get hacked or downloaded a trojan or a million other things you shouldn't have to plan around it.

If someone had their EQEmu account hacked months ago and the hacker already changed the e-mail address (using the old system) then I can't really think of anyway to verify the original owner or protect them. Tough cookies I guess, but there has to be a cut off point somewhere right?
The email address for an eqemulator account can be changed without requiring any confirmation; That's the point... The system was designed to be used in situations where a user didn't have access to the email address currently on file, so why would it require confirmation from the old address? That would be silly.
__________________
Sean "Rogean" Norton
Project 1999 Co-Manager

Project 1999 Setup Guide
Reply With Quote
 


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 06:33 PM.


Everquest is a registered trademark of Daybreak Game Company LLC.
Project 1999 is not associated or affiliated in any way with Daybreak Game Company LLC.
Powered by vBulletin®
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.