[url]https://github.com/XxLMM13xXgaming/gbay/blob/master/lua/gbay/core/cl_core.lua#L127[/url]
Don't put Color() in paint func/HUDPaint hook (everywhere in the code, not just here)
[url]https://github.com/XxLMM13xXgaming/gbay/blob/master/lua/gbay/core/cl_core.lua#L164[/url]
Instead of sending this, send -1 0 or 1 with 3 bits signed int
use local functions or store them into table
[url]https://github.com/XxLMM13xXgaming/gbay/blob/8496b9f8961ab015f3f5cd6e229d88da4737eaaa/lua/gbay/gui/cl_bases.lua#L57[/url]
pick another mask
[url]https://github.com/XxLMM13xXgaming/gbay/blob/8496b9f8961ab015f3f5cd6e229d88da4737eaaa/lua/entities/gbay_mail/init.lua#L62[/url]
store the ents in the player so it's faster to find them
[QUOTE=Author.;51929712]For the love of god please don't fill up the global table with functions like this, make a table where you can put all your function and variables inside.
[lua]
gbay = gbay or {}
gbay.author = "XxXXxXxx1337LMM1337XxXxXxXxxX"
gbay.version = "-2.0.0"
gbay.sometable = gbay.sometable or {}
function gbay.doshit(var)
    print(var)
end[/lua][/QUOTE]
I will do this in the next large update! Never really thought about it so thanks!
[QUOTE=Lemmie;51931227]Usually your UI designs are garbage, but this is pretty damn good. Well done.[/QUOTE]
Yeah I had the design made on photoshop from an artist who does not want credits but thanks! I think it turned out nice!
[QUOTE=Jordanlol;51934253]looks nice![/QUOTE]
Thanks!
[editline]9th March 2017[/editline]
Making a reply to the huge post: first off why the big spaces haha
For the color thing I do not understand why? What is the issue with that never knew that was an issue
For me sending "positive" yeah I will change that kinda was using it as place holders
I'm using local panel and also I do not understand the mask thing
Also I will look into the ent thing
Thanks for the reply!!
[QUOTE=pierre0158;51934822][url]https://github.com/XxLMM13xXgaming/gbay/blob/master/lua/gbay/core/cl_core.lua#L127[/url]
Don't put Color() in paint func/HUDPaint hook (everywhere in the code, not just here)
[/QUOTE]
Why?
[lua]
hook.Add( "HUDPaint", "ColorTest", function()
    for i = 1, 10000000 do
        Color( 255, 255, 255 )
    end
end )
[/lua]
Causes a 35% fps drop. Meaning you'd have to call it quite a few times.
Additionally, Color doesn't even account for the FPS dropping.
[lua]
hook.Add( "HUDPaint", "ColorTest", function()
    for i = 1, 10000000 do
    end
end )
[/lua]
This causes virtually the exact same amount of lag.
[QUOTE=Handsome Matt;51935587]you could just code it properly though and not have an FPS drop when 10 different addons do shit like that[/QUOTE]
I'm still confused how would I do it I never knew that was an issue so many people put color in it...
So if it's an fps issue then what do I do to get around it
[editline]9th March 2017[/editline]
Also got hit with major wind storm yesterday so without power for what our company says up to a week! Will get right on the issues asap
Why are you storing any password plain like you are here?
[url]https://github.com/XxLMM13xXgaming/gbay/blob/master/lua/gbay/mysql/sv_mysql.lua#L172[/url]
Even if it's just the one user, it's still bad habit.
[QUOTE=Nookyava;51936083]Why are you storing any password plain like you are here?
[url]https://github.com/XxLMM13xXgaming/gbay/blob/master/lua/gbay/mysql/sv_mysql.lua#L172[/url]
Even if it's just the one user, it's still bad habit.[/QUOTE]
It's on the server side and you need to know the cleartext password to connect, so it's fine in this case. If you're worried about getting the password stolen, be sure to not install sketchy addons on the server, because the password will not be safe no matter where it's stored if a malicious addon is installed or if a user is somehow able to run lua code on the server.
[QUOTE=BlackVoid;51936209]It's on the server side and you need to know the cleartext password to connect, so it's fine in this case. If you're worried about getting the password stolen, be sure to not install sketchy addons on the server, because the password will not be safe no matter where it's stored if a malicious addon is installed or if a user is somehow able to run lua code on the server.[/QUOTE]
It's more about the habit. Never store passwords as plain text. Not to mention if anyone gets in these server's databases, as most of the users may just "give" access to their Lua Dev, then they'll just get the password through that.
Point being, never store passwords, no matter how "secure" you think it may be, as plaintext. You're encouraging bad habits by saying it's fine.
[QUOTE=Nookyava;51936432]It's more about the habit. Never store passwords as plain text. Not to mention if anyone gets in these server's databases, as most of the users may just "give" access to their Lua Dev, then they'll just get the password through that.
Point being, never store passwords, no matter how "secure" you think it may be, as plaintext. You're encouraging bad habits by saying it's fine.[/QUOTE]
Implying that someone would have access to the serverside sqlite but not serverside lua files where the password would be stored anyways? Smh
[QUOTE=Kevlon;51936949]Implying that someone would have access to the serverside sqlite but not serverside lua files where the password would be stored anyways? Smh[/QUOTE]
Sorry if this was not what you were asking for, I believe Nookyava was trying to say it's bad practise in general to store passwords in plain text.
Edit:
I'm so fucking stupid, I should probably read more.
I'll look into the color thing and if you think about it it's either I save the password in a text file that someone can look in or sql that a "darkrp developer" that got access most likely won't know lua to get the password
[editline]9th March 2017[/editline]
Update: day 4 still no power no contact with human life and running out of food
Jk but it is day 2 no power so can't fix anything :(
[editline]9th March 2017[/editline]
Also I understand it's bad practice to store plaintext passwords but in this case I'm not gonna go through taking more space than needed to decode a password I know it's not much but still it's still safe
No matter how safe you think it is someone can break it..
[QUOTE=XxLMM13xXx;51937117]
Also I understand it's bad practice to store plaintext passwords but in this case I'm not gonna go through taking more space than needed to decode a password I know it's not much but still it's still safe[/QUOTE]
that's still not how u store passwords
[QUOTE=Handsome Matt;51935621]you just define them outside of the scope:
[lua]
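local my_color = Color(255, 0, 0) -- built once, outside the hook
hook.Add( "HUDPaint", "ColorTest", function()
    for i = 1, 10000000 do
        surface.SetDrawColor( my_color ) -- reuse the cached Color instead of building a new one
    end
end )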
[/lua]
this stops the color structure being reconstructed every frame - in your case since you're just using white just use the `color_white` global[/QUOTE]
Why are we caring so much about micro optimisation. If you want him to optimise it, just localise the function.
[QUOTE=Promptitude;51938527]Why are we caring so much about micro optimisation. If you want him to optimise it, just localise the function.[/QUOTE]
It's about creating new objects vs using existing ones.
[QUOTE=LegoGuy;51938713]It's about creating new objects vs using existing ones.[/QUOTE]
Yet it causes no lag.
[QUOTE=Promptitude;51938716]Yet it causes no lag.[/QUOTE]
...yes it does. it also eats RAM.
[editline]10th March 2017[/editline]
If you argue otherwise, you're exactly what's wrong in today's programming world.
[QUOTE=LegoGuy;51938785]...yes it does. it also eats RAM.
[editline]10th March 2017[/editline]
If you argue otherwise, you're exactly what's wrong in today's programming world.[/QUOTE]
So micro optimisations are what we need in today's programming world? Can't tell if you're joking or not.
It's also interesting that I've had the hook running for over an hour that constantly creates Color objects and I haven't seen a spike in RAM, hm. I guess garbage collection is doing its job.
[QUOTE=Promptitude;51938956]So micro optimisations are what we need in today's programming world? Can't tell if you're joking or not.
It's also interesting that I've had the hook running for over an hour that constantly creates Color objects and I haven't seen a spike in RAM, hm. I guess garbage collection is doing its job.[/QUOTE]
Reusing existing objects instead of creating lots of the same thing isn't "micro optimizing" it's just good practice. You shouldn't be doing something like that each frame. Such carelessness might not matter in small doses, but small things like these add up. But hey, I guess it's easy to be on a high-horse and not caring about your footprint on a system where you live in a magical world of infinite resources and "oh it'll take care of itself"
[QUOTE=LegoGuy;51938994]Reusing existing objects instead of creating lots of the same thing isn't "micro optimizing" it's just good practice. You shouldn't be doing something like that each frame. Such carelessness might not matter in small doses, but small things like these add up. But hey, I guess it's easy to be on a high-horse and not caring about your footprint on a system where you live in a magical world of infinite resources and "oh it'll take care of itself"[/QUOTE]
The entire point of this argument was over speed, not good practice. If that's all you're arguing about then I agree with you.
Just hashing the password properly is a good way to do it, sure, there's not much anyone can do unless they have access to the database, but at least it would keep the passwords secure so that any potential users' actual passwords don't get leaked, if anyone was to believe this was properly done and didn't store passwords in plaintext, resulting in them possibly using the same password they use for other services.
You could easily get SHA-256 in Garry's Mod using the one on the official Lua wiki: [url]http://lua-users.org/wiki/SecureHashAlgorithm[/url]
Hash the password with this, maybe even salt it as well with mail/username and you've got yourself a much more secure login and password management. Just never store the password on the server, make the hash on the client, send the hash (with salt if applicable) and then compare the hash to the one you've stored in the database (or write new one if user is new), and if the hashes match the user has written the correct password, if not, the client hash will be unequal to the one server has stored for the account it's trying to log into, meaning they hashed something differently than what the password should actually be. Keep in mind hashing isn't re-routable and can't be "dehashed" or "decoded" or create any collisions because of how secure the algorithm is, unlike MD5 or SHA-1 (which had its FIRST collision by Google a week or two ago).
Yes, it's not necessary, but it's a good practice to treat passwords the right way no matter what you're doing it for. You can use the knowledge and experience from doing it properly now for any future projects and whatnot. :doghidden:
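Salted password storage as an added example in Python (not code from any poster or from gbay). It hashes on the server with a random per-account salt and PBKDF2-HMAC-SHA256, which is a different design from the client-side, username-salted SHA-256 described in the post above; the iteration count and the sample account are assumptions.

```python
import hashlib
import hmac
import secrets

# Work factor: assumed value for this example; raise it as far as login latency allows.
ITERATIONS = 200_000


def post_scheme(username: str, password: str) -> str:
    """The scheme sketched in the post: one SHA-256 pass, username as salt."""
    return hashlib.sha256((username + password).encode()).hexdigest()


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_record(password: str) -> dict:
    """Server side: fresh random salt per account, deliberately slow hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "hash": _kdf(password, salt).hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    expected = bytes.fromhex(record["hash"])
    candidate = _kdf(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    # Constructed sample: one user reuses the same password on two servers.
    user, pw = "player@example.com", "correct horse battery"
    server_a, server_b = post_scheme(user, pw), post_scheme(user, pw)
    rec_a, rec_b = create_record(pw), create_record(pw)
    return {
        # Username salt: both servers store the same value, so a dump from one
        # can be matched directly against the other.
        "post_scheme_identical": server_a == server_b,
        # Random salt: the two stored records share nothing.
        "random_salt_records_differ": rec_a["hash"] != rec_b["hash"],
        "good_login": verify(pw, rec_a),
        "bad_login": verify("wrong guess", rec_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
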
Hashing passwords in gmod that sounds fun literally the other option was to leave an open .lua file with the password just slapped on there plaintext and everything but I mean I'll hash it if I should
[editline]10th March 2017[/editline]
Still no power however after a day of searching for generators we found one I may power up a laptop and some internet and we can get started
[QUOTE=Nookyava;51936432]It's more about the habit. Never store passwords as plain text. Not to mention if anyone gets in these server's databases, as most of the users may just "give" access to their Lua Dev, then they'll just get the password through that.
Point being, never store passwords, no matter how "secure" you think it may be, as plaintext. You're encouraging bad habits by saying it's fine.[/QUOTE]
You [URL="http://stackoverflow.com/questions/1082852/connect-to-mysql-with-hashed-password"]CANNOT[/URL] [URL="http://stackoverflow.com/questions/12637852/how-to-connect-to-mysql-database-using-hashed-password"]store[/URL] your database password hashed since you need it in cleartext to connect to the database, if you store it in a textfile it can be read by anyone with lua/filesystem access, if it's in a lua file same thing and if it's in the database it's also the same thing. Notice a trend? No matter where you store it it can be accessed by a malicious developer or someone who gains access to the server, there is no way around it. So storing it in the server side sqlite database, in a lua or text file does not make it any more or less secure.
So feel free to discuss HOW you are supposed to not store it in clear text and please DO tell how I encourage bad habits when I say it's fine to store the DATABASE password in cleartext when it NEEDS to be stored that way.
EDIT:
If you are worried about someone getting the password then only give the required permissions to the SQL user and use a randomly generated password, that way no other account is breached when it leaks, don't "hire" shady developers and don't install random people's addons without checking them for backdoors/vulnerabilities.
Any other password should be stored using a cryptographically secure hashing method with a salt.
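An added example (not from any poster or from gbay's code): a Python check over constructed `SHOW GRANTS` output that flags a database account with more reach than an addon needs, plus a generator for the random password. The account name `gbay`, the host, and the set of needed privileges are assumptions.

```python
import re
import secrets

# Statement shape printed by MySQL's SHOW GRANTS (names in backticks or quotes).
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`'](?P<opts>.*)$",
    re.IGNORECASE,
)

# What an addon that only reads and writes its own rows needs (assumption).
NEEDED = {"SELECT", "INSERT", "UPDATE", "DELETE", "USAGE"}


def new_db_password() -> str:
    """Random password used only for this one database account."""
    return secrets.token_urlsafe(32)


def audit_grants(lines, allowed_db):
    """Return findings for grants wider than NEEDED on allowed_db."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # Drop column lists such as SELECT (a, b) before splitting on commas.
        privs = {p.strip().upper()
                 for p in re.sub(r"\([^)]*\)", "", m["privs"]).split(",")}
        scope = m["scope"].replace("`", "")
        who = f"{m['user']}@{m['host']}"
        extra = privs - NEEDED
        if extra:
            findings.append(f"{who}: unneeded privileges {sorted(extra)} on {scope}")
        if scope.split(".")[0] != allowed_db and privs != {"USAGE"}:
            findings.append(f"{who}: grant reaches outside {allowed_db} ({scope})")
        if "GRANT OPTION" in m["opts"].upper():
            findings.append(f"{who}: can pass privileges on (WITH GRANT OPTION)")
        if m["host"] == "%":
            findings.append(f"{who}: may connect from any host")
    return list(dict.fromkeys(findings))  # de-duplicate, keep order


# Constructed SHOW GRANTS output: an over-broad account and a scoped one.
SAMPLE_BROAD = ["GRANT ALL PRIVILEGES ON *.* TO `gbay`@`%` WITH GRANT OPTION"]
SAMPLE_SCOPED = [
    "GRANT USAGE ON *.* TO `gbay`@`10.0.0.5`",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `gbay`.* TO `gbay`@`10.0.0.5`",
]

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_BROAD, "gbay"):
        print("FLAG", finding)
    print("scoped account findings:", audit_grants(SAMPLE_SCOPED, "gbay"))
```
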
[QUOTE=BlackVoid;51940092]You CANNOT store your database password hashed since you need it in cleartext to connect to the database, if you store it in a textfile it can be read by anyone with lua/filesystem access, if it's in a lua file same thing and if it's in the database it's also the same thing. Notice a trend? No matter where you store it it can be accessed by a malicious developer or someone who gains access to the server, there is no way around it. So storing it in the server side sqlite database, in a lua or text file does not make it any more or less secure.
So feel free to discuss HOW you are supposed to not store it in clear text and please DO tell how I encourage bad habits when I say it's fine to store the DATABASE password in cleartext when it NEEDS to be stored that way.[/QUOTE]
I feel the same way :( I mean it's going through a lot for no readon
[editline]10th March 2017[/editline]
Reason*
I was expecting the G to be short for Gay. It would've rhymed and be accurate at the same time.
[QUOTE=BlackVoid;51940092]You [URL="http://stackoverflow.com/questions/1082852/connect-to-mysql-with-hashed-password"]CANNOT[/URL] [URL="http://stackoverflow.com/questions/12637852/how-to-connect-to-mysql-database-using-hashed-password"]store[/URL] your database password hashed since you need it in cleartext to connect to the database, if you store it in a textfile it can be read by anyone with lua/filesystem access, if it's in a lua file same thing and if it's in the database it's also the same thing. Notice a trend? No matter where you store it it can be accessed by a malicious developer or someone who gains access to the server, there is no way around it. So storing it in the server side sqlite database, in a lua or text file does not make it any more or less secure.
So feel free to discuss HOW you are supposed to not store it in clear text and please DO tell how I encourage bad habits when I say it's fine to store the DATABASE password in cleartext when it NEEDS to be stored that way.
EDIT:
If you are worried about someone getting the password then only give the required permissions to the SQL user and use a randomly generated password, that way no other account is breached when it leaks, don't "hire" shady developers and don't install random people's addons without checking them for backdoors/vulnerabilities.
Any other password should be stored using a cryptographically secure hashing method with a salt.[/QUOTE]
You clearly have no clue what you're talking about. At all.
Any sensitive info stored in a database should never be plain text. End of story. No discussion to be had. If you think otherwise then please never handle said information, as you clearly cannot be trusted with it.
When it comes to the database credentials, I never said to do anything those cause obviously there is no way, BUT you should be creating a user that only accesses that table. Again, common sense.
Again, you're talking to me, so telling me not to "hire shady developers" is useless seeing as I'm more competent than your average server owner. But I've seen countless people hire these types of developers, so protecting every little bit helps.
Regardless, never store sensitive info as plaintext. Easy.
[editline]10th March 2017[/editline]
[QUOTE=XxLMM13xXx;51940117]I feel the same way :( I mean it's going through a lot for no readon
[editline]10th March 2017[/editline]
Reason*[/QUOTE]
This is a very good reason on why we don't allow you to submit scripts on SF. You disregard any advice as a pain that you "have" to follow, instead of taking the advice and learning from it.
[QUOTE=Nookyava;51940508]You clearly have no clue what you're talking about. At all.
Any sensitive info stored in a database should never be plain text. End of story. No discussion to be had. If you think otherwise then please never handle said information, as you clearly cannot be trusted with it.
When it comes to the database credentials, I never said to do anything those cause obviously there is no way, BUT you should be creating a user that only accesses that table. Again, common sense.
Again, you're talking to me, so telling me not to "hire shady developers" is useless seeing as I'm more competent than your average server owner. But I've seen countless people hire these types of developers, so protecting every little bit helps.
Regardless, never store sensitive info as plaintext. Easy.
[editline]10th March 2017[/editline]
This is a very good reason on why we don't allow you to submit scripts on SF. You disregard any advice as a pain that you "have" to follow, instead of taking the advice and learning from it.[/QUOTE]
You have still not given a solution to not store connection details in cleartext. I never said that users password should be stored in cleartext, I said that connection details need to be stored in cleartext, so obviously you are not reading what I'm saying. The code you linked was to store the connection details. If you look at other addons or software, they all store it in cleartext.
What you are saying is correct, but in this case you need to store sensitive data, it does not matter if it's stored in the database, lua file or text file since these locations can all be accessed from any script and are equally insecure.
Examples:
[URL="https://github.com/FPtje/DarkRP/blob/master/gamemode/config/_MySQL.lua#L12"]DarkRP[/URL]
[URL="https://github.com/adamdburton/pointshop/blob/master/lua/pointshop/providers/mysql.lua#L35"]Pointshop[/URL]
[URL="http://wiki.dovecot.org/AuthDatabase/SQL"]Dovecot[/URL]
[URL="http://www.postfix.org/MYSQL_README.html"]Postfix[/URL]
I could keep going with software which store the connection details in cleartext, but apparently you are too dense to admit you are wrong.
[B]Note that I am not telling you that you should store users' passwords in cleartext[/B], they should always be hashed. There is as I've mentioned no way to hash the connection details and the two other solutions to this are to encrypt it (where do you store the key securely) or for example store it in an environmental variable (is this even possible to access in gmod and if so every script can access it)
[U]How and where would you store the connection details?[/U]
At this point there is no point to keep replying to you, since you are using ad hominem and are arguing a straw man.
I understand where both sides are coming from... I need one simple answer from someone else to tell me if I should hash or not and if yes then how?
I'll be frank with you, you are a dolt.
Please read my previous posts where I never once mentioned the connection details.
In my [b]LAST[/b] post you can see where I mention...
[quote]When it comes to the database credentials, I never said to do anything those cause obviously there is no way, BUT you should be creating a user that only accesses that table. Again, common sense.[/quote]
So please, stop going on about connection details. I never once brought them up in regards to anything other than a nod in their direction.
Let me get this straight... you're basically just saying it's bad practice to store passwords plaintext in databases. I understand that. You're not saying [B]In this case[/B] that it's going to make anything more secure because the other option is just taking the password and having it in a text file with the password plaintext. I completely understand the bad practice I am doing here but [B]In this case[/B] should I bother?
[QUOTE=XxLMM13xXx;51940978]Let me get this straight... you're basically just saying it's bad practice to store passwords plaintext in databases. I understand that. You're not saying [B]In this case[/B] that it's going to make anything more secure because the other option is just taking the password and having it in a text file with the password plaintext. I completely understand the bad practice I am doing here but [B]In this case[/B] should I bother?[/QUOTE]
You can't be serious right? Storing plain passwords is the worst, think if paypal got hijacked and everyone's pw's got out, those are encrypted to hell and back, if they weren't lmao bye millions of paypal accounts!
This applies to any case, you're putting [B]serious sensitive[/B] data to risk if you're not going to encrypt n' secure them.