ACG_Wind Posted April 25, 2017 Posted April 25, 2017 (edited) Yikes!, a recommended/prioritized update for an upcoming patch should be encryption of the PW value included in the startup.cfg file. Currently the value is saved in the file as plain text. When starting up IL2, the prompt to enter your account password, and choice to "remember" it appears to store it unencrypted/plain text in the startup.cfg file. This should be updated to store the PW as an encrypted hash string. Given the PW ties to user's IL2 store account, it should be a high priority. Otherwise though, great game! Edited April 25, 2017 by WindWpn
=TBAS=Sshadow14 Posted April 25, 2017 Posted April 25, 2017 (edited) Why should it?It's Perfectly Secure.Nobody can Get the file or Access it unless you give them a copy of your Startup.CfgNobody is going to risk Federal Prison and jail over a IL2 Password back hacking into your computer directly and stealing the file, Specially as its NOT an mmo with proper player stats and long grinded accounts. (just like i keep a file in My documents called Passes, It has all my passwords and logins written in there Never been hacked, lost anything or had a virus in 12 years )Its great there and easy when re-installing game/config can just type it in there..Very Very low priority and devs have much more important work to do Edited April 25, 2017 by =R4T=Sshadow14
ACG_Wind Posted April 25, 2017 Author Posted April 25, 2017 (edited) Though, is not that PW the same which is used to access your IL2 Store account? Plus its a 101 level issue. Who in app dev when using PWs does not at minimum hash encrypt especially when tied to an e-commerce component?? Plus dude, your computer is connected to the Internet right?.... anything on it is detectable and searchable via any number of methods. Again 101 level stuff here and should be quite a low LOE to implement. Edited April 25, 2017 by WindWpn
=VARP=Cygann Posted April 26, 2017 Posted April 26, 2017 I must agree here, this is something I always found odd with IL2 for a long time. Such a nice engine and related work, yet so basic way to to handle sensitive data, it kind of sticks out . At this day and age, no pw should ever be stored in human readable form. Some users will use PW that is also used for their other online services (people tend to share pw often for simplicity or memorizing it). And on top of that, to see pw stored like that lights up all kind of alarms trust related towards the company among IT crowd. If I were in their shoes, I'd take WindWpn's advice very seriously... 1
=RS=Stix_09 Posted March 3, 2022 Posted March 3, 2022 I founds this old post after reading setam review of the game. Anyone that uses same password for a game and sensitive information is very stupid. I use a password manager, and only need to know a couple of my hundreds of differnt passwords, and hence all my passwords are very long and I have no idea what most of them are. If your pc is hacked and ppl can read files on it , you have much bigger problems. Also the steam version of the game does not use that password to login to the game servers. You also have the option with the non steam client to not store the passord and manually enter it if u choose.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now