(1)(1)(1)(1)(1)(1)(1)(1).thumb.png.c773b1e39c1958ea50a83f6e35520029.png)
Third party authentication security
Hello explorers,
I see more and more communities and organizations setting up authentication based on Dual Universe account in order to identify players on Discords, websites or other places outside the game.
However, it's not a simple process and there are lots of potential security breaches (I've seen and reported a few).
Thus, I decided to write this post where I describe good security practices and point some common attack scenarios.
While this post is mostly dire
The fearmongering being spread through this thread is a bit disingenuous considering that nobody actually asked me how the authentication actually works or what is being collected (regardless of the fact that all of it is open source and available for anyone to look at).
So I will break it down here.
It doesn't matter if you know how the hash is generated, in fact, I'll tell you that it's an MD5 sum of the Discord User ID. Having a way of generating a users hash does abs
