PrivPasses (Wishlist) - Awportals.com

Thread

Board Archives

	Bots
	Community
	General Discussion
	Sdk
	Wishlist
	Author Search

Site Features

	Citizens List
	Badges & Achievements
	Events Directory
	News and Articles
	Worlds List
	About Alphaworld
	Search Object Paths

Activeworlds Support

	Download Activeworlds
	Quickstart Tutorial

Historic Archives

	Truespace Archives
	Newsgroup Archives

PrivPasses (Wishlist)

PrivPasses // Wishlist

john viper

Nov 12, 2000, 8:15pm

While we are on the subject, I haven't tested to see if it is fixed in 3.0 but there has been a bug
in AW for a VERY long time. If someone is using your PPW and you change it, they can still use it
till they stop, and then cannot re-log-in with it. I think that as soon as you change your PPW
anyone who is using it should have to as well.
_________________________
John Viper
http://www.jtsoft.net
"Java is a machine. You put Java code in one end, and money comes out the other." - Anonymous

tony56

Nov 12, 2000, 11:50pm

This is a multi-part message in MIME format.

------=_NextPart_000_00A2_01C04CDE.5243CE40
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

It is still that way in 3.0 John.

--=20
- Tony56 (aka Chandler56)
"Freedom: That's What The Government Wants You To Believe!"
____________________________________________________________
[View Quote]

------=_NextPart_000_00A2_01C04CDE.5243CE40
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3D"MS Sans Serif" size=3D1>It is still that way in 3.0=20
John.</FONT></DIV>
<DIV><BR>-- <BR>- Tony56 (aka Chandler56)<BR>"Freedom: That's What The=20
Government Wants You To=20
Believe!"<BR>____________________________________________________________=
</DIV>
<BLOCKQUOTE=20
style=3D"BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: =
0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV>john viper <<A=20
href=3D"mailto:jviper at jtsoft.net">jviper at jtsoft.net</A>> wrote in =
message <A=20
=
href=3D"news:3a0f1669 at server1.Activeworlds.com">news:3a0f1669 at server1.Act=
iveworlds.com</A>...</DIV>While=20
we are on the subject, I haven't tested to see if it is fixed in 3.0 =
but there=20
has been a bug<BR>in AW for a VERY long time.  If someone is =
using your=20
PPW and you change it, they can still use it<BR>till they stop, and =
then=20
cannot re-log-in with it.  I think that as soon as you change =
your=20
PPW<BR>anyone who is using it should have to as=20
well.<BR>_________________________<BR>John Viper<BR><A=20
href=3D"http://www.jtsoft.net">http://www.jtsoft.net</A><BR>"Java is a =

machine.  You put Java code in one end, and money comes out the =
other." -=20
Anonymous<BR><BR><BR></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_00A2_01C04CDE.5243CE40--

agent1

Nov 17, 2000, 2:03pm

Uhh... Actually, it's very secure if you're very selective with who gets your PPW. Then again, I do think the Uniserver should
remove anyone logged in under the PPW if it is changed.

-Agent1

[View Quote]

john viper

Nov 18, 2000, 2:28am

| Uhh... Actually, it's very secure if you're very selective with who gets your PPW.

True, however perhaps its just me but I don't give my PPW out to my most trusted friends even simply
because my most trusted friends have abused it in the past.

| Then again, I do think
| the Uniserver should remove anyone logged in under the PPW if it is changed.

Exactly, just in case the hopefully few assholes con you into giving them your PPW.
_________________________
John Viper
http://www.jtsoft.net
"Java is a machine. You put Java code in one end, and money comes out the other." - Anonymous

grimble

Nov 18, 2000, 7:07pm

At the end of the day, the reason for chaning a password (when not forced to
by the server/software) is BECAUSE it has been compromised, so yes, the
change should become effective immediately. How "easy" this would be to
implement is another matter since the I would imagine that the security
"features" of AW are only appear to be utilised at login-time. Having said
that, there is always a solution, just not always a pretty one.

Grims

[View Quote]

wing

Nov 18, 2000, 7:36pm

If the client queryed the uniserver every minute or so, it could easily verify
that the PPW it's using, if any is still legit. If not, the client would exit
the world server as the citnum assigned to the now defunct PPW and return to
it's own. This wouldn't be very difficult as the client already querys the
server routinely for other changes in citizen information.

[View Quote] > At the end of the day, the reason for chaning a password (when not forced to
> by the server/software) is BECAUSE it has been compromised, so yes, the
> change should become effective immediately. How "easy" this would be to
> implement is another matter since the I would imagine that the security
> "features" of AW are only appear to be utilised at login-time. Having said
> that, there is always a solution, just not always a pretty one.
>
> Grims
>
[View Quote]

Awportals.com · ProLibraries Live · Twitter · LinkedIn