EQEmulator Forums

EQEmulator Forums (https://www.eqemulator.org/forums/index.php)
-   Support::MiniLogin (https://www.eqemulator.org/forums/forumdisplay.php?f=629)
-   -   Feature request (https://www.eqemulator.org/forums/showthread.php?t=16425)

Elkay 10-16-2004 04:38 PM
Feature request
 
After some testing, I've noticed that this minilogin bases who gets logged in solely on the ip address matching minilogin_id, even if the login/password is invalid. I understand that this is basically an alternate method of verificaiton to bypass the crypto, but in the future do you see adding a login/password check instead as being viable? Or would that make it a real public LS instead of Minilogin and therefore fall under the category of what the dev team hasn't wanted to release in the past? Just curious more than anything else, as this alone at least allows testing and world development when the emu LS is down or confused.

The other feature that would be nice also is at least being able to secure the server via locking the server through the INI which the public LS does support. Right now it's locked in my INI but simply shows 'Up' status via Minilogin.

Edgar1898 10-16-2004 06:01 PM
Re: Feature request
 
Quote:
Originally Posted by Elkay
After some testing, I've noticed that this minilogin bases who gets logged in solely on the ip address matching minilogin_id, even if the login/password is invalid. I understand that this is basically an alternate method of verificaiton to bypass the crypto, but in the future do you see adding a login/password check instead as being viable? Or would that make it a real public LS instead of Minilogin and therefore fall under the category of what the dev team hasn't wanted to release in the past? Just curious more than anything else, as this alone at least allows testing and world development when the emu LS is down or confused.

The other feature that would be nice also is at least being able to secure the server via locking the server through the INI which the public LS does support. Right now it's locked in my INI but simply shows 'Up' status via Minilogin.
It doesnt handle any encryption, but it wasnt designed to. Like you noted, it basis its authentication by the users IP address only, that is what the main difference between the public one and Minilogin. I had this pointed out to me a few weeks ago I I think its very relevent - under the DCMA if someone releases code that allows someone to circumvent encryption protocols, they can be held liable. Therefore releasing a login server that decrypts login passwords would not be the smartest thing to do. Even though SOE is leaving us alone right now, they almost certainly would be pissed if a full login server were publicly released. I disabled the locked status because there is really no need for it. If someone is hosting a server on their network for a few friends as was intended for this product, they should be able to trust them :P

Cisyouc 10-17-2004 03:36 AM
Re: Feature request
 
Quote:
Originally Posted by Edgar1898
Quote:
Originally Posted by Elkay
After some testing, I've noticed that this minilogin bases who gets logged in solely on the ip address matching minilogin_id, even if the login/password is invalid. I understand that this is basically an alternate method of verificaiton to bypass the crypto, but in the future do you see adding a login/password check instead as being viable? Or would that make it a real public LS instead of Minilogin and therefore fall under the category of what the dev team hasn't wanted to release in the past? Just curious more than anything else, as this alone at least allows testing and world development when the emu LS is down or confused.

The other feature that would be nice also is at least being able to secure the server via locking the server through the INI which the public LS does support. Right now it's locked in my INI but simply shows 'Up' status via Minilogin.
It doesnt handle any encryption, but it wasnt designed to. Like you noted, it basis its authentication by the users IP address only, that is what the main difference between the public one and Minilogin. I had this pointed out to me a few weeks ago I I think its very relevent - under the DCMA if someone releases code that allows someone to circumvent encryption protocols, they can be held liable. Therefore releasing a login server that decrypts login passwords would not be the smartest thing to do. Even though SOE is leaving us alone right now, they almost certainly would be pissed if a full login server were publicly released. I disabled the locked status because there is really no need for it. If someone is hosting a server on their network for a few friends as was intended for this product, they should be able to trust them :P
Is it possible to release the source without releasing the encryption piece? Im not all that familiar with DLLs but thats something that comes to mind, or is that essentially the same thing?

Edgar1898 10-17-2004 03:48 AM
Its possible, but probably will never happen.

daeken_bb 10-18-2004 05:01 AM
Re: Feature request
 
Quote:
Originally Posted by Edgar1898
under the DCMA if someone releases code that allows someone to circumvent encryption protocols
That's actually not true. It's illegal to release a piece of code that circumvents copyright protections, not encryption.

IntesstoMic 11-20-2004 10:15 PM
for Elkay
 
Hello
Elkay and you solve your pb with minilogin ?
If yes, can you post your solution ?
It probably help me...
thanks

Elkay 11-22-2004 04:51 AM
What exactly is the problem you're having? If you post the error/symptoms, I can probably get you up and running.


All times are GMT -4. The time now is 06:17 PM.

Powered by vBulletin®, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.