HUGE security violation with DCUO

Discussion in 'Testing Feedback' started by FriGin, Jun 9, 2021.

  1. FriGin New Player

I've been having trouble logging into DCUO for about a month; something goes wonky with my cache files and leaves me unable to log in with an error, or it shows the HTML of the actual launcher login page as plain HTML instead of the launcher showing up. I had the problem again today after I restored my PC back to when I knew it worked properly. It did not help, I still got an error, so I asked my girlfriend to give me her cache files:

    DC Universe Online\LaunchPad.libs\LaunchPad.Cache\Cookies\Cookies
    DC Universe Online\LaunchPad.libs\LaunchPad.Cache\Cookies\Cookies-journal

    Well, it didn't work at first, so I came back a couple of hours later to see if I could figure out the problem. Well, it logged in and got the launcher just fine, so I logged in after the update.....

    All of a sudden I'm seeing HER characters on my login page. I quit, and go back to the launcher; HER accounts were logged in without any security verification, no password, no error, just LOGGED IN!

    So after I got mine working, I sent my cookies to her. SAME thing: I was logged in and she was not.

    This is a HUGE security violation. EVERYONE BEWARE of these files; protect them with your life until the devs fix it.
  2. Elda Mad as a Hatter

    In most cases this is true, on sites, games, etc. A token in the cookies verifies you're logged in without making you log in each time (otherwise it would have to save your password in some way). But if somebody can take those files, you have bigger problems to worry about.

    Worst case, changing your password should invalidate any saved tokens.
  3. KneelBeforeZodd Dedicated Player

    It's just like if someone gets access to your machine and looks at Chrome's saved passwords for your Facebook and Gmail. It has to stay client side, which means someone can take it if they know where to find it. Now, like Elda said, if someone ever gets access to your file system, you have much bigger problems to worry about than DCUO's password.
    • Like x 1
  4. FriGin New Player

    I'm well aware of this, but there is no reason the cookies can't have validation in them to protect the user.
  5. Great Architect Loyal Player

    The validation available is to enter your password every time you log in.

    If you've checked the checkbox that says "Remember me on this computer", you're agreeing to bypass that validation process: the client will save your account name and password for future reference. It's not a security violation if you then give your cache files to somebody else (you chose to do that), any more than giving someone else your password would be :(?
    • Like x 2
  6. Reinheld Devil's Advocate

    If you (or your girlfriend) were super worried about the security of the accounts, you'd not check the box to remember your password, which is why it's in the cookies. 'Save password' means that somewhere the PW is recorded and accessed... meaning someone else can access your account if they get that saved info.

    While they could tighten things up as well, just uncheck the box and type your PW at each login and you'll eliminate the security risk. 'They' (the bad guys) might still be able to get your username, but not the PW, from the cookies.

    EDIT: GA already said this. Nothing to see here.
    • Like x 1
  7. Jason Martin Dedicated Player

    My e-mails have 2FA, while my DCUO account does not, because they don't offer it.

    OP is legit; this is a big security violation and should be taken care of. The token shouldn't work like that; it should also confirm that it is the same PC that the account is logged on.
  8. Cajaritotutututu Well-Known Player

    Hello,

    TL;DR: DO NOT SHARE COOKIES, PASSWORDS OR LOG FILES FROM YOUR COMPUTER

    This caught my attention, because it makes sense that the cookie should match the PC identification with either the public IP or the MAC (I prefer MAC), but public IP is not bad. On the other hand, you should not share a log file, cookie, or session-related files with anyone at all; it is almost like when people take pictures of their credit cards... just don't. And I'm pretty sure everyone uses the same password for everything.

    This is an example of a password scheme I started using when I got into the software world (I switched it already, for more security layers, at least for work and cards):
    <A phrase you can remember including symbols>%<a number or letters sequence u can memorize>&<initials of the app>
    Example:
    <phrase >%<http://oeis.org/A000108>&app
    Th1sIsAPhraseIWillRemember% 11251442132429 &DCUO

    A "strong" password is not absolutely secure; maybe someone who has you as a target can figure it out. For example, they could figure out a phrase I tend to use, and I work with number sequences and play DCUO; from there they can work it out.

    Another thing: try to clear your temporary files from the browsers. Most of the time Chrome, Firefox & Edge are mostly secure, but still, if you are a target, it may not be enough.

    Some people use their phones; that as a security layer is amazing, because it ensures that you are using "something you have" and not only "something you know", and if you add the fingerprint or FaceID to unlock your phone, that adds "something you are". For my thesis I made a security layer on an app that ensured the position of the people using the app from their phone, so it would only be available while they were at the building. It worked pretty well, but I did not look into it anymore after finishing my thesis (yes, VPNs were not allowed :D).

    Sadly, from what I see, although DCUO can increase security and encourage the use of new security layers, they can't do anything about the first problem in security: the person sharing the password, cookie or log file.

    Now, I don't know if Dimensional Ink is certified on ISO-27001 "Information Security Management". I mean, you can still get hacked with all the certifications and knowledge in the world, but if you follow a standard, at least you reduce the probability of compromising the confidentiality, availability & integrity of the organization's and clients' information.
    • Like x 1
  9. Great Architect Loyal Player

    Authenticating by either public IP or MAC address has its own problems: both can be spoofed, or you might need to swap out a faulty NIC, or just switch between WiFi and wired connections between games?

    I'd imagine that perhaps generating a SHA or similar hash on the contents of the Cookies and Cookies-journal files would solve some problems, but it would lock you out if you changed your password on the website rather than through the client?

    It's the usual trade-off between security and usability, unfortunately :(.
    • Like x 1
  10. Cajaritotutututu Well-Known Player

    Yeah, I don't really see any wrongdoing from Dimensional Ink here. Actually, I did change my password and logged back into the game, and it asked for the password; it did not even show me my username, btw (I did not try to manipulate the cookie though).

    But from what I can see in the post, this is not really related to the game itself, since sharing the info the OP gave is risky. IMO this is like, for example, if I send you a picture of my credit card and then call the bank because someone used it: "how did they get access?", "I sent him/her a picture and he/she told me they won't use it"..... "OK sir, you still have to pay, but don't do it again".
  11. WaynesManow New Player

    Maybe this is not the place to say it, but I don't know where to send it, so I send it here. Hey, I came back to the game after years and I have some problems: for old content, no one plays the old DLCs. I have one idea about that, and I'm sure DCUO will become 100% active: just make full OP gear with collections, and add those collections to all old and new raids, alerts and duos. I'm sure DCUO will get a new breath: new players can have fun playing old DLCs, and old players will be happy to play old DLCs to get those collections and make OP gear. Please just read this; maybe you will like it and make a new update for this. I'm sure 100% of DCUO players will have fun with that... sorry for my bad English, hope you understand :)
  12. Reinheld Devil's Advocate

    It's a suggestion some others have made before, but yeah, it's kind of off topic for this thread. You might want to start a new thread.

    For clarity's sake, you are suggesting we make a new gear set (OP) and make it a reward for collections that are spread across the full game. Meaning people would run old content more to farm the collections? Correct?

    The only issue with this idea is that anything people will farm means that they will want to get in and out fast (example... ZooE and PanE), meaning those runs will likely be made up of groups of 'farmers' who will blow through all that content in a single sitting or a few. That won't help you.... if you are low or wanting an 'authentic' run in the content... get what you want. Sure, 1 lucky person might get in a run with a random group, and as they will be OP, maybe they will get feats like 'no death' or 'Speed' feats (example... Paradox drops a lot of feats every run if someone new is in), but anything taking effort or a slow burn will be a fail more than likely, and the new player will learn nothing about mechanics or gameplay. Farmers want in and out... they likely have the feats already and just want their farmable loot.
  13. WaynesManow New Player

    Yes, you're right. Maybe add CR drops or something like that. It's just that people who have max SP and CR can't understand how hard it is when you just start playing the game and no one plays old content: you can't do feats and raise SP, and without SP you have no chance to get into raids, I mean elite raids, and normal raids aren't serious; you can't have fun with normal raids, and elite will be closed to you because of low skill points. Maybe remove skill and leave just gear and artifacts; then everyone can play new raids if personal skill is enough to play the game. I like this game and I wish to play, but I try LFG and also just queue up, and no one wants to play old content and especially do feats. So what can we do? I really don't know, and it's not only my opinion; many, many people think the same.
  14. Reinheld Devil's Advocate

    This is my point. If you are looking to get skill points and to improve your playing, adding 'special' loot won't help. Farming runs are done for speed and generally speed does not get you feats (except speed feats). Most also do not teach you anything about mechanics or how to run the raid 'legit'. People plow through, sometimes even leaving group members in the dust by blowing past adds.

    One thing we've been asking for for a long time (and it's been teased as coming soon) is a way to get in with a less than full group. Many old runs, even elites, do not require a full group to complete, nor do many feats; however, right now you need 8 people to get into those raids... that's tough to do either by LFG or Queue up. If we had a way to build a minimal group (just enough people to do the work) and those people were high enough, many runs are doable and the feats you can get are easier to co-ordinate with fewer people involved (most times). This would also help where someone low wants to run the runs with a bit more challenge, as you can grab a few friends who are not totally OP (or are willing to power down a bit) and they can help you through something without some random goon just blowing everything to pieces... ruining some of the fun you were trying to have.

    Case in point, and this is NOT an old raid...we were going to run COUR (legion raid) and someone asked if we could do the 23 tentacles. Easy feat, but it takes time. The group was ok with it, but we could not get an 8th person for the feat. We queued in, the 8th guy did NOT want to stay for the feat and left and we did NOT re-open the run. It was very easy with the 7 people we had and we even got 2 other feats in the run as everyone was onboard with doing them. So why do we need to queue in that 8th guy? Ideally, if we wanted to go in with the 7 we had (probably could have done it with less even), we should be able to as the 7 we put together all wanted the feat. That 8th guy could have come in and overburned Trigon and biffed it for us (he was 342 and probably brought a lot of burn), but he left...which was fine.

    There are many helpful people in this game who would help new users get feats and learn how to play. In the end it helps the game to have better, more powerful players vs a bunch of 'noobs' who've only ever been dragged through stuff by OP beasts. Unfortunately, sometimes there are not 7 of them on at the same time you need them. There are always enough OP beasts though. An adjustable queue lets you have a bit more control over which ones you end up running with.... added 'special' loot will not.
  15. WaynesManow New Player

    That's true, yeah, they just try to run fast and don't care about the rest of the group, especially on the EU server, terrible people..... But I don't understand: if DCUO knows about this problem, why won't they fix it, if they know how hard it is for new people, or old ones who don't have the feats and experience for old content? Why won't they fix this...... And yeah, I know maybe many people don't understand this, but DCUO is my first MMORPG; I've played for like 7 years and I love this game. It's just sad to see this game have only the new DLC active; it has too many great old DLCs with many cool things <3
  16. Staggiie Level 30

    I delete those files like every day because it seemed to help my random client crashes when I started doing it. Saw it was a fix for it somewhere. Now it's a habit: when I log off, I delete those files.
  17. Reinheld Devil's Advocate

    Because there is really no true 'fix' other than going back in time and making it relevant again.... and if I had a time machine, I wouldn't be using it to re-play DCUO. All the proposed 'fixes' have some drawback. Stat leveling or whatever was tried years ago, and sounded OK, but ended up being rolled back as a big fail. Adding an option to go in stat leveled (nerfed) has been proposed, but there are a few issues with that, where they either need to split the groups (so they don't mix), and that ends up with even MORE waiting for queues. Even my favorite suggestion, Adjustable Queue (go in with less than full groups), has one major drawback, and that is it takes many high levels out of the queuing rotation, so some people might need to wait even more if blind queuing.

    There is no real 'fix' and many of the proposed ones would take a lot of programming work...meaning they likely won't do them just to find out they are hated and need to be rolled back.