No announcement yet.

RPG Database has MAJOR FLAW

  • Filter
  • Time
  • Show
Clear All
new posts

  • RPG Database has MAJOR FLAW

    The RPG Database has MAJOR FLAW... Password are out in the open simply by viewing the PWDATABASE.DB. At a minimum it SHOULD NOT be named as such. It should be name something like what the RPG spits out for 64 character PW, algorythemically calculated off the PW you enter to access the PROGRAM, as well as have NO EXTENSION (especially not .DB) and be hidden somewhere RANDOMLY within the SYSTEMS PATH, not located in same folder as the program. ALSO THE PASSWORD FILE SHOULD BE ENCRYPTED, OTHERWISE YOU MIGHT AS WELL JUST STORE ALL OUR PASSWORDS ON FACEBOOK....:wink:

    This just a PROFESSIONAL's opinion, yours may vary (& BE WRONG):twisted:

  • #2
    Good suggestions!

    Thanks for the suggestions DisabledNotDead!

    Since it has been opensource there has not been any changes so far as far as I remember.

    I hope IObit takes those into consideration.


    - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -


    • #3
      Quick question by the way, since this is Open Source, is there someone who is still developing this? Or totally none anymore?


      • #4
        I agree that the contents (the database) should be encrypted; an apparant flaw in the program. The actual name of the extension of DB is not necessarily a problem - should the user need to find it - and the database itself is encrypted.

        If encrypted, although it could be renamed - not a bad idea - the new name for the database file needs to be consistent so that it can be found by the user upon problems being developed and tech support. If it was randomly placed on the drive in a random directory it would become a nightmare to repair.

        The Encryption system would need to be consistent from machine to machine for simple reasons.

        The program itself should be encrypted with a password, besides the database being encrypted. Should a user lose their password for the system, a PUBLISHED backdoor into the system would not be a good idea. It should be a double blind method to access should a password for the program be lost.

        Just a personal observation.

        PROBLEM: I would be curious to find out if the product is being updated officially or just by the public as an OPEN SOURCE product.

        NEW SUGGESTION: A method needs to be created to easily access across network systems & a method to backup the database remotely for restoration in the case of corruption.