Quote:
Originally Posted by ^SmileY
Again, nobody can provide a practical example how _pw can be stolen.
|
"_pw" cannot be stolen. Unless:
• The password is genuinely easy to guess.
• The clumsy user has posted it somewhere by accident for everyone to see.
• An admin or owner that has access to the server's database has exploited it.
• There's a plugin with roles to read files from the server with a bug that enables users to read database files (I would re-check my plugins and where I got them from, then check their source).
• The server's database has been exploited by a haxz0r.
And one most important way:
• The user's _pw is saved on anything other than the Steam ID, or IP Address (Unviable).