1. Hello!

    First of all, welcome to MapleLegends! You are currently viewing the forums as a guest, so you can only view the first post of every topic. We highly recommend registering so you can be part of our community.

    By registering to our forums you can introduce yourself and make your first friends, talk in the shoutbox, contribute, and much more!

    This process only takes a few minutes and you can always decide to lurk even after!

    - MapleLegends Administration-
  2. Experiencing disconnecting after inserting your login info? Make sure you are on the latest MapleLegends version. The current latest version is found by clicking here.
    Dismiss Notice

Use other identifier instead of LoginID for Voting Website

Discussion in 'Suggestions' started by iLovKimberly, Mar 6, 2021.

  1. iLovKimberly
    Offline

    iLovKimberly Headless Horseman

    804
    398
    372
    Feb 23, 2017
    Male
    Malaysia
    7:08 AM
    Tsukishima/ItamiYouji
    Islander, Bishop
    Halcyon
    upload_2021-3-6_11-22-50.png

    Seeing this worries me. It could happen on GTOP also.
    Since LoginID is confidential, it should not be viewable by outsiders including voting websites.
    Currently GTOP and TopG has all our LoginIDs, what happen if any of their staff use this maliciously, or if there is any data leak.

    Instead of sending LoginID, can send other identifier, for example "IGN" or any other suitable identifier to voting website?
    Then after they pingback the identifier to MapleLegends, match it back to LoginID to give the NX.

    Edit: Probably not IGN since players do delete their characters.
    Perhaps generate an unique ID for every game account upon account creation.
     
    • Like Like x 5
    • Agree Agree x 2
  2. PandaOnPanda
    Offline

    PandaOnPanda Timer

    101
    26
    120
    Jun 29, 2019
    7:08 PM
    PandaOn___
    Paladin, I/L Arch Mage, Corsair
    Homies
    While normally usernames aren't considered "confidential", I'd agree that sending usernames off to a 3rd party should have some sort of obfuscation.

    Since it would probably only be used for the voting sites, for an "unique ID" like OP suggested, could just add a hashed username + some salt column to relevant DB table and send that value off for voting instead? Probably be pretty easy to implement in the DB too (been outa the game for awhile so could be more difficult than I remember)

    I guess it also begs the question of what does GTOP/TopG require ML sends them? Are they going to be happy with usernames not being sent anymore?
     
    • Agree Agree x 1
  3. Kimmy
    Online

    Kimmy Administrator Staff Member Administrator Game Moderator

    10,963
    10,998
    551
    Sep 9, 2014
    The Netherlands
    12:08 AM
    Moderator Post
    I have seen some servers use the account ID (number) instead which could be less sensitive probably. We look into this if we got a bit of time available
     
    • Friendly Friendly x 2
  4. OP
    OP
    iLovKimberly
    Offline

    iLovKimberly Headless Horseman

    804
    398
    372
    Feb 23, 2017
    Male
    Malaysia
    7:08 AM
    Tsukishima/ItamiYouji
    Islander, Bishop
    Halcyon
    • Like Like x 1

Share This Page