I must say..... And no offense to the dev team... But this is why you do NOT close source things...
When there is a hole or a problem or someone decompiles it...
Well lets say I was someone you pissed off a few years back... that wouldn't be a good thing at this point..
To clarify, that was an example lol, I'm not making any threats or insinuating anything... That lskey is safe as long as I'm the only one that has cracked it.
Secondly, and again, if it was open-source, the community, I, KLS, or the few hundred others here that are very active and intelligent could have provided you guys with a method of authenticating sessions, not just outright trusting an account creation based on a key received from the ls server (keep in minds I can "push" a packet anywhere i want and make it appear to be sent from George W's pc itself, that info is just modified packet headers and pushed packets... thats it.)
Being I'm probably just leaving a message on an answering machine here that won't get heard until another 4 or 5 months down the road... This situation is kinda of urgent, not to mention the other community members here that are strangled at the fact they cannot contribute or submit code because of "dev team" inactivity. *not complaining, just repeating*
Suggestion...
Change the usrmeth() , re-release eqemu, keep that to yourself, open up the login server, let the community do what communities do best... Build, create, and improve.
|