 Logging in from other places 

Which would you prefer?
Poll ended at Sun Apr 26, 2015 9:25 am
Logins to auto-kick the other out: 0% [ 0 ]
Logins to give an option whether to kick or not: 67% [ 2 ]
Other: 33% [ 1 ]
Total votes : 3

Head Admin

Joined: Tue Jun 17, 2014 1:02 am
Posts: 2526
Location: SW England, UK
Has Liked: 179 posts
Liked for: 1235 posts
Medals: 6
Referrer (1) AGN's MC player (1) AGN's TF2 player (1) First year AGNer (1) Kiloposter (1) HoW access (1)
What would you prefer if you log in while already logged in elsewhere? Would you like to have an option to log out the other or would you rather be able to log straight in?

Having the option would make logging in elsewhere or quickly reconnecting (when the server hasn't timed you out yet) a bit annoying. Being able to log straight in would be more convenient.

But imagine if someone hacks into your account while you're logged in or you log in while someone else is logged into your account. With the option to force a log out, the online client will be warned that someone else has attempted to log in. This may give you (or them) a moment at least to realise someone else has attempted to log in.

Imagine person A is the client currently logged in and person B is the other client that has given the correct login credentials:

Auto logout scenario:

1. Person B logs in and logs A straight out. B will be told they've logged out elsewhere and A will be logged out right away and told the reason.

Optional logout scenarios:

2. Person B logs in and is given an option to log out A. B chooses not to, but A will still be alerted that someone elsewhere has attempted to log in. This might give them time to change their password and message an admin.

3. Person B logs in and is given an option to log out A. B chooses to log them out. However, A will still be alerted immediately.

In 1 and 3, a hacker would most likely pick these to log in and change the password ASAP. However, so would the owner if they think that A is a hacker. The owner, however, should prioritise alerting an admin in case a hacker does log in or is already logged in.

_________________
Community Rules | Newcomer FAQ | Our MC server FAQ | Our TF2 server FAQ
Need help with AGN? Check out the Tech forum.
Drop in suggestions or complaints in Suggestions forum.
Is it a private matter? PM me!
AGN's Twitter: @AceGamersNetwrk

"Creativity is intelligence having fun." - Albert Einstein


Sun Apr 19, 2015 9:25 am
Intermediate

Joined: Thu Jun 26, 2014 8:31 pm
Posts: 1382
Has Liked: 893 posts
Liked for: 765 posts
Medals: 3
First year AGNer (1) Kiloposter (1) HoW access (1)
I would like to be informed if someone tries to log in to my account while I am logged in. I think that auto log-out is not a good option. Also, B shouldn't be able to log out A, in my opinion. I voted Other.

I think the client should send me an e-mail if there was an attempt to log in from a new IP address. Or at least I should be able to manually check the IP address to see whether there was an attempt to log in to my account from a new IP or not. Something like Facebook has (although FB alerts me whenever I log in from a new browser).
Or could you make something to prevent changing passwords easily, please? Something like Steam has: if you want to change your account password, you have to confirm it through e-mail. So if someone logs in to your AGNIM account, they can't change the password unless they can also log in to your e-mail.


Sun Apr 19, 2015 12:00 pm
Head Admin
The problem with not letting you log in elsewhere is that if you've logged in from another device that gets taken over by someone else, or you forget to log out from a shared device, that account will be at the mercy of whoever else and you wouldn't be able to do anything about it.

Although one shouldn't use a public computer, one should at least be able to log themselves out.



Fri Apr 24, 2015 1:44 am
Regular

Joined: Wed Nov 05, 2014 7:35 pm
Posts: 177
Has Liked: 53 posts
Liked for: 113 posts
Medals: 2
First year AGNer (1) HoW access (1)
With your latest comment I'm curious whether you're looking at this as being device specific or IP specific. Very often I'm logged into Steam from my computer and phone at the same time, same IP with wifi, but it's nice to be able to instantly pick up and continue a conversation if I need to move around.



Fri Apr 24, 2015 4:36 am
Head Admin
It isn't just IP and device specific but also application specific.

Login sessions are connection specific, which are tied to the network library (which is a mostly-self-managed open source library that utilizes .NET's networking assembly) connections themselves. If it wasn't, then anyone could (in theory) hijack the session. With the current design, which is already implemented, connections cannot be hijacked even with the same IP address, at least in practice.

When you want to log on from another device or application instance, the server must log out the other first.

Multi logins would make things very messy and would greatly postpone AGNIM's readiness again.



Fri Apr 24, 2015 4:50 am
Head Admin
Here's what I'm going to do (and started on) so far: If the account is currently logged in, the server will tell the new successfully authenticated client that, which'll present a prompt asking if they would like to kick the former off to log in or cancel. There will be an option, however, to do this automatically in the settings. Should the latter client cancel, a gentle but noticeable message will be made on the former client anyway to alert them to any successful hack attempts. If the former is the unauthorised member, then alerting this would be the least of the user's concerns, especially considering most hackers would change the password quickly after logging in anyway.

Sound good?

I can see the vast majority of cases this will happen will be by the legitimate member, but if AGNIM flourishes in popularity it'll only be a matter of time before spammers or scammers endeavour to infiltrate, or at least the vengeful enemies/ex-friends or intrusive family/room-mates take advantage.



Sat May 13, 2017 8:43 pm
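
The prompt-or-kick flow described in the post above, sketched as an added example; it is not AGNIM's code (which is .NET and is not shown in this thread). The class names, status strings, the single-use ticket and the audit list are assumptions made for illustration.

```python
import secrets

class Session:
    def __init__(self, conn_id):
        self.conn_id = conn_id   # stands in for the live server-side connection
        self.notices = []        # messages the server pushes to this client

class LoginServer:
    """Single-session policy; login() is called only after credentials verify."""
    def __init__(self):
        self.active = {}    # account -> Session currently logged in
        self.pending = {}   # ticket -> (account, conn_id) awaiting kick/cancel
        self.audit = []     # server-side record, independent of client alerts

    def login(self, account, conn_id, auto_kick=False):
        if account not in self.active:
            self.active[account] = Session(conn_id)
            return "LOGGED_IN", None
        if auto_kick:                        # assumed to come from account settings
            return self._take_over(account, conn_id), None
        ticket = secrets.token_urlsafe(16)   # single use, bound to this connection
        self.pending[ticket] = (account, conn_id)
        return "PROMPT", ticket

    def answer(self, ticket, conn_id, kick):
        # Reject unknown or reused tickets and answers from another connection.
        if ticket not in self.pending or self.pending[ticket][1] != conn_id:
            return "REJECTED"
        account, _ = self.pending.pop(ticket)
        if kick:
            return self._take_over(account, conn_id)
        former = self.active.get(account)
        if former:                           # alert the former client even on cancel
            former.notices.append("Another client signed in with your password, then cancelled")
        self.audit.append((account, "second_login_cancelled", conn_id))
        return "CANCELLED"

    def _take_over(self, account, conn_id):
        former = self.active.get(account)
        if former:                           # tell the kicked client why
            former.notices.append("Logged out: this account logged in elsewhere")
        self.active[account] = Session(conn_id)
        self.audit.append((account, "session_replaced", conn_id))
        return "LOGGED_IN"

if __name__ == "__main__":
    srv = LoginServer()
    srv.login("alice", "conn-A")             # constructed sample identifiers
    status, ticket = srv.login("alice", "conn-B")
    print(status, srv.answer(ticket, "conn-B", kick=False), srv.active["alice"].notices)
```

Both outcomes leave an entry in the server-side audit list, so an admin can review a reported takeover even when the former client never saw the on-screen notice.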
Jr. Community Manager

Joined: Mon Feb 08, 2016 6:25 am
Posts: 1668
Location: where ever the next book takes me
Has Liked: 209 posts
Liked for: 666 posts
Medals: 6
Referrer (1) AGN's MC player (1) AGN's TF2 player (1) Kiloposter (1) HoW access (1) Bug finder (1)
Now, a question: will AGNIM be part of the AGN site account? Like, say a hacker is A and you, B, try logging on but can't because the hacker has already changed the password. Would this affect your main AGN account, or would they be the same thing? Like, would changing your AGNIM password change your main account password, or are they separate entities?
I ask this because it would make it so much harder to hack the main site if the AGNIM credentials are different than those of the main site?
If you have yet to think of that, Doc, just some food for thought.

_________________
I am who I am I don't need nor want a label I simply am who I am and your approval is not needed nor wanted I am me and me is pretty awesome.
the state of your life is nothing more than a reflection of your state of mind
If you never look up you will never see the sky, It may be raining but there is a rainbow above you


Sun May 14, 2017 7:34 am
Head Admin
It's entirely separate. The way .NET creates the hash is different from PHP so it's not even possible to authenticate through the same process, and giving users the choice to have a different password can reduce the damage with compromised accounts. So if one does use the same password the hashes will not match especially considering they're "salted" differently too. It also allows different databases and database accounts to be used, which is securer.



Sun May 14, 2017 8:01 am