Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
(-1)

Game looks good, but I got worried when I saw the log in screen. You are having the users transmit passwords plaintext within TLS. First problem is if someone is attacked by a MitM with SSL stripping. The second is that makes me believe that you're storing unhashed passwords. 


Players! DO NOT USE A PASSWORD HERE THAT YOU USE ANYWHERE ELSE! This game handles passwords in in a potentially unsecure manner.

(+2)
You are having the users transmit passwords plaintext within TLS.

This is true, but this is how many sites—including itch.io—work.

The second is that makes me believe that you're storing unhashed passwords. 

Passwords are salted and hashed before being stored in the database.

Players! DO NOT USE A PASSWORD HERE THAT YOU USE ANYWHERE ELSE! This game handles passwords in in a potentially unsecure manner.

Players, please follow this advice for every single website or game you ever touch regardless of their security practices; password managers like LastPass or KeePass will help facilitate this.

Finally, if anyone wants to avoid providing a password to Bot Land altogether, just use a guest account to play.