Official Everybody Edits Forums
Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
- Topics: Active | Unanswered
#1 2015-04-25 19:23:21
- Hexagon
- Member
- Joined: 2015-04-22
- Posts: 1,213
[Idea] Serializing client object for passwordless authentication
I'm not planning to make this, although it is an interesting idea. I'm wondering if anyone made the following:
- decompile PlayerIO (this is illegal if shared)
- make the client object serializable
- package it back up
- serialize the client object
- transfer the client object somewhere else over the internet
- un-serialize it on the other end
- ta da, you just transferred your account to someone else without using a password
- to permanently deactivate it, logout the client from your end
Offline
- Wooted by: (2)
#2 2015-04-26 10:52:38
- DarkDragon4900
- Member
- Joined: 2015-03-17
- Posts: 251
Re: [Idea] Serializing client object for passwordless authentication
Atilla made a temporary login token thing previously. But I doubt it works anymore.
Offline
- Wooted by: (2)
#3 2015-04-26 14:26:44
Offline
- Wooted by: (2)
#4 2015-04-27 12:23:46
- DarkDragon4900
- Member
- Joined: 2015-03-17
- Posts: 251
Re: [Idea] Serializing client object for passwordless authentication
You keep asking about things you commented on.
http://forums.everybodyedits.com/viewtopic.php?id=11511 :p
Offline
- Wooted by: (2)
#5 2015-04-27 13:02:37
- Hexagon
- Member
- Joined: 2015-04-22
- Posts: 1,213
Re: [Idea] Serializing client object for passwordless authentication
You keep asking about things you commented on.
http://forums.everybodyedits.com/viewtopic.php?id=11511
I saw that, but it's not exactly what I'm looking for. I'm looking for the ability to transfer your entire EE session to someone else, and have them place blocks and such, without a password. EEAuth is nice as you can prove that someone owns an account, but it can't transfer Client objects to my knowledge.
Offline
- Wooted by: (2)
#6 2015-04-27 15:38:12
- Processor
- Member
- Joined: 2015-02-15
- Posts: 2,246
Re: [Idea] Serializing client object for passwordless authentication
I AM NOT ATILLA Q_Q
I saw that, but it's not exactly what I'm looking for. I'm looking for the ability to transfer your entire EE session to someone else, and have them place blocks and such, without a password. EEAuth is nice as you can prove that someone owns an account, but it can't transfer Client objects to my knowledge.
EE sessions are actually something dangerous to play with. I know a few vulnerabilities in them that prevents me from publishing anything like this. You will end up compromising more security as people get to discover these issues.
I'm not trying to hold you off this, I'm just saying you won't get what you want to archive.
I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.
Offline
- Wooted by: (2)
#7 2015-04-27 16:05:02, last edited by Hexagon (2015-04-27 16:05:25)
- Hexagon
- Member
- Joined: 2015-04-22
- Posts: 1,213
Re: [Idea] Serializing client object for passwordless authentication
I'm not trying to hold you off this, I'm just saying you won't get what you want to [achieve].
What I want to achieve is to give a bot your serialized session thing, then that way they can never transmit your password to someone else. When you're done with the bot, just call logout() on the session token and it's useless. However, as you said, there probably are vulnerabilities that I'm not considering that would make this not work or be very insecure. I don't want to make it though.
Offline
- Wooted by:
[ Started around 1732483260.6865 - Generated in 0.043 seconds, 12 queries executed - Memory usage: 1.5 MiB (Peak: 1.64 MiB) ]