State of Security

A week ago today, both BC Wars and PokerRPG fell prey to a security breach. Thanks to a quick response by the great moderators we have, I was alerted of this event and was able to quickly take care of the situation without much damage being done. However, one very clear lesson was learned:

Security is very important, and should never be left as an after thought!

I spent all day last Friday, all day the following day, and throughout the week while I was in San Francisco combing the hundreds of thousands of lines looking for security holes, and there were plenty to be found and fixed. There were several instances where SQL Injections were quite possible (as was made obvious by the hacker), even though measures had been taken to prevent this specific attack.

Passwords were stored in plain text, which is pretty much the cardinal sin of web development, though many more sites do it than you would like to know. Now, all passwords across all of the sites in our network are stored using 256-bit encryption, as well as a myriad of other techniques to thwart any future attempts by hackers to crack passwords.

Overall, the security of the network has been dramatically bolstered, which is a great step for the future. The lesson has been heard loud and clear. Security will now be an ever-present piece of all coding done on any GoldFire Studios project from now and into the future.