1. The space forums use a separate registration system from the main virtual world. To comment on these forums, you need to create a separate forum account.
    Dismiss Notice
  2. Hey there, if you want some direct help without hopping inworld - try our Discord channel at https://discord.gg/mptfycQ
    Dismiss Notice

Bug Report Not same user-account for game and forum?

Discussion in 'Bug Reports' started by bachatero2000, Jan 19, 2018.

Share This Page

  1. bachatero2000

    By:bachatero2000Jan 19, 2018
    New Member

    Joined:
    Jan 19, 2018
    Messages:
    5
    Likes Received:
    0
    Maybe a "feature" and not a bug but it is a big if you ask me.
     
  2. Adam

    By:AdamJan 19, 2018
    Developer
    Staff Member Moderator

    Joined:
    Aug 21, 2014
    Messages:
    693
    Likes Received:
    137
    Hey - we actually did that on purpose for security reasons.

    Here's the long reason why:

    We picked Xenforo for security reasons initially - it's got the best track record to being hacked (a typical way games get compromised) - however it also doesn't support external authentication; the solution they propose is we duplicate our data - store it in both the primary database (where we have control over securing it), and theirs (less so.) -- given the track record of forums in general, we decided not to do that. By keeping the databases separated, we minimise the damage in the event a forum does get compromised, and minimise the incentive.

    (We do patch regularly and follow general best practices - but it's a risk we want to minimise.)
     
    bachatero2000 likes this.
  3. bachatero2000

    By:bachatero2000Jan 19, 2018
    New Member

    Joined:
    Jan 19, 2018
    Messages:
    5
    Likes Received:
    0
    Ok...no biggie I guess...

    Edit: A hey...its you from the game :)
     
  4. Adam

    By:AdamJan 19, 2018
    Developer
    Staff Member Moderator

    Joined:
    Aug 21, 2014
    Messages:
    693
    Likes Received:
    137
    Yeah it's a little annoying - and I'd love it if they could implement external authentication, but apparently it is not a priority; and if I have to pick between 'probably going to get hacked' and 'users have to register again', the latter wins.
     
    bachatero2000 likes this.