I'm not the first person to notice this but:
In the file called Game.prefs under ***\My Games\Gas Powered Games\Demigod\
profile = { current = 1, profiles = { { console_size = 5, LastHero = 'hvampire', ImpulsePassword = <my password in good old plaintext>~
Could we have some response if this will be fixed? I mean come on, this is a mistake a freshman in CS would do...
Oh also, you can probably edit what favour items you have unlocked:
Items = { 'AchievementTeleport' },
I lost all my favour items when I went to MP - the game overwrites your original file the first time you play, it seems.
I strongly agree with you on the password problem. This should be fixed asap.Im not sure if the unlocks are stored client side. When the file is rewritten on connect its probably not the case.
lol.......that is rich ^^
You would be surprised how often this happens. I know, you shouldn't treat ANYTHING as secure, but plenty of times devs will consider a system file secure enough as someone would need access to your computer in the first place to harvest it. But yeah, I kinda figured this might happen which is why I generally don't have my username/pass saved automatically
Ouch.
Yeah, this would be good to fix.
Not only does this bother me...but am I the only one bothered about having to use my Impulse login to play the game MP? If someone gets a hold of my impulse login, they have all my games. I have no idea how the stuff is being sent to the servers. Is my information even being encrypted during transmission? Or can anyone just sniff the packets and get my impulse password at their leisure?
And on top of that I am making P2P connections with other people I do not know or trust after I open up all my ports, it just seems like I am inviting all sorts of unwanted trouble with the way MP is implemented with DG. If this is the future of this new "impulse reactor" or whatever it is called, I really hope they make it more secure in the near future.
Well, at least now I know why all my favor items are gone whenever I go back to my SP game after playing MP. What a bug.
It does seem odd. The impulse login should be just to buy/update games. Once in games, game logins should be different.. that's pretty standard practise.
Game shouldn't store password on your computer at all. It should be a server side flag imo, or just store username.
No it isn't. Games for Windows Live, SteamWorks, these are just two examples of the opposite of what you say is "standard practice".
I haven't played alot of MP with Steam games--but don't you login through STEAM itself, and then start your game which then uses the steam authentication to play your game? In otherwords, with DG, I login to Impulse (to check for updates), then I launch the game, then I login AGAIN through the GAME with my impulse info. With steam, I just login to steam, then launch the game--I only have to trust that the steam programmers have kept my stuff protected. With DG--I have to trust that both impulse and DG are properly protecting my info. And this thread shows that there is at least one security problem with DG.
You login through Impulse authentication server.
The game uses ports 6000-6200 by default, but its not system access. I mean technically you can go through the hassle of going through imitating the connection and eventaully getting a response, but noone in their right mind would do that just to get your password.
I do agree that the plain text in a txt file is kind of stupid. Oh and you cannot add items for multiplayer, you can for single. (Client vs Server storage).
Sorry mate, you are wrong. When I log into Steam, and THEN go and play one of the many mp games I have in there, I have a mp login in most games that is completely different from my account name. Some valve games don't require me to login to play mp, so there's nothing I can do about that.
GFWL is not something to compare to, it's possibly the worst gaming service on the planet.
At the least, being able to alias when playing just makes it a little harder for people to try and hack your account.
The really bad part is that if you're a person who tries to use some sort of 3rd party app (a trainer for example) with this game you're entirely at risk at losing not only Demigod but any other games you purchase through Impulse....
Hell, they could even just write a virus that checks this file and make good money stealing accounts. :/
WHy is it bad? Its perfect.
those who try to cheat shoudl be punish. Sounds like a perfect stimulus not to cheat.
No, your Steam Account name is one thing and what shows up in games/friend lists is something completely different that you can change on a whim.
Well, I meant cheat in singleplayer. I still agree though. I just figure there are a lot of kids who probably will buy this game (maybe, lol) and end up wanting to try something and it steals their account instead...
Or maybe someone makes a mod that you want to try but all it really does is steal your account, for example. Other people can think of better examples where you download somethign thinking it's legit. :/
That wouldn't be an incentive for me not to cheat, that would be an incentive for me not to buy from impulse ever again.
Steam games require that steam is running because they all use Steam to do 'stuff'. Impulse is completely independant of it's games. You don't need to be running Impulse to run Demigod or play multiplayer. Hense, Demigod needs to login internally that way.
But yes, plaintext passwords are bad.
Even though we reported this to GPG a long time ago, it's still the same
There are many great features available to you once you register, including:
Sign in or Create Account
