NEVER reveal your 'powder.def' file to anyone.

  • Kikkin
    2nd Mar 2015 Banned 0 Permalink
    This post is hidden because the user is banned
  • 2015
    3rd Mar 2015 Member 0 Permalink

    how does it allow others to access your account? anyone

  • jacob1
    3rd Mar 2015 Developer 1 Permalink
    @2015 (View Post)
    powder.pref basically contains something similar to browser cookies. If someone has the session cookies then that means they are logged in as that user. Because typing in your password every time you wanted to upload a save would be annoying ...
  • 123me
    6th May 2016 Member 0 Permalink

    (Sorry if it's necro)OK. Maybe, I can find my password in the Jacob1's Mod "powder.pref"file. P.S: I don't have powder.def

  • jacob1
    6th May 2016 Developer 0 Permalink
    @123me (View Post)
    This thread is incredibly old and no longer applies.

    Once upon a time, there was a file called powder.def. It contained your password in plaintext, which was sent to the server in every request. Then someone realized this was a terrible idea after people constantly distributed their plaintext passwords. So now we have powder.pref, which basically has a session cookie instead of your password.

    powder.pref is still bad and should never be distributed if you are logged in. Since it does give full login access. The only thing it doesn't give is your password.
  • ChargedCreeper
    6th May 2016 Member 0 Permalink

    jacob1:

    @123me (View Post)
    This thread is incredibly old and no longer applies.

    Once upon a time, there was a file called powder.def. It contained your password in plaintext, which was sent to the server in every request. Then someone realized this was a terrible idea after people constantly distributed their plaintext passwords. So now we have powder.pref, which basically has a session cookie instead of your password.

    powder.pref is still bad and should never be distributed if you are logged in. Since it does give full login access. The only thing it doesn't give is your password.

     

    So if you log out then log back in again, anyone using that would no longer have access as the session would be invalidated? Sounds like a similar issue that happened with Minecraft session IDs and people accidentally distributing theirs.

  • jacob1
    6th May 2016 Developer 2 Permalink
    @ChargedCreeper (View Post)
    No, logging out in game doesn't actually do anything besides delete the cookies from your computer.

    A new thing I added to the website was that it will actually delete your session ...

    Anyway, to logout, you just have to login 3 times and that will clear the cache of cookies on the website.
  • ArsenicC
    7th Feb 2017 Member 0 Permalink

    Lot ALOT if im can change TPT... Im need moderator!!

  • 123me
    28th May 2017 Member 0 Permalink

    ArsenicC:

    As the powder.pref file states...

    Editing the Admin or Mod parts will not give you magic powers.

    Editing the Elevation parts will not either.

    Editing the powder.pref file MAY break your TPT setup.

  • EasyYT
    1st Jun 2018 Member 0 Permalink
Locked by jacob1: necro