Opinion from Community
I wanted to suggest an idea I had to try and make a possible different approach to the issue at hand.
Some people have suggested a WoWEmu like alternative where servers handle their own login servers and I would like to see what people think of this design. 1) run your own public server with unlimited users, but a limitation of 3 world servers per login. 2) a statistics site which will post the login server name, a short description, the active users/zones/players (and worlds within). 3) There will be a limitation that will require your login server to connect to the main statistics, however there will be a large gap of time that they can be disconnected between each other and the login server still function. |
Im for it personally 1 world server 3 50 doesnt matter to me im not planning on hosting other peoples servers on my personal setup but I like your idea none the less
The only drawback i see is whether or not the current emu staff would agree with this and setup the site and statistics server, seems to be dependant on what athey say in that reguards unless you setup or someone else volenteered to setup the statistics aspect of it other then that one little hiccup i say wholeheartedly yes |
Most of this was already programmed into the base login server, we had Master/Slave/Mesh servers, just needs to be updated.
|
well then by all means lol
I just hope that this doesnt turn into something that is totally dependant on the emu staff to maintain or be able to stop its progress by not putting the site up here for the stats |
Quote:
|
I guess what im saying is is there a backup plan to the stats site being here at the main emu site or do you have a plan for if they dont want to go this route
EDIT: thats what i was getting at lol If you guys need any help with the stats aspect lemme know im also trying to come up with a way to transfer players characters to new accounts image told me i need to get with you about that part though cause your the DB guy |
I support this.
|
If there is going to be a Private Login Server option for what are currently considered Public servers, IMO, it shouldn't rely on anything other than itself to work. A centralized status list would be nice as an option, but shouldn't be required IMO.
If possible (and I am sure it is), there should be a way for players to log into their current Public accounts and set a password while in game through the Public Login Server that will let them use that same password to authenticate to that same account from the Private server. Preferably, people should set a different password than what their public password is, but just in case they don't, the passwords should be saved to the database as MD5 if possible. It also might be good if admins had a way to set a temporary password for accounts. Then, if the LS is down and someone needs access to one of their accounts, but hasn't set a password yet, if the admin trusts that they do actually own the account, they could set a password for them. And, after they log in with the password the admin set for them, they could change the password again. Then, when someone tries to connect to a server through the private LS connection, they would just use the password they set and still be able to access their characters from their Public account. The only issue with a system like this would be creating new accounts while the Public LS is down, but that isn't too much of an issue. It would also be great if all servers had the option to be connected to both the Public LS and the Backup Private one at the same time so their players could use either, or easily switch to the backup if the public was down. Actually, after checking the source, there is already a command called #setpass, which would let admins set their own password. It would just need to be modified so that players can use it as well, but only for setting their own passwords (not everyone's password like the command is set to do currently). If a statistics webpage was set as an option, it would be really nice to have a decent customizable config in it. The config could include an optional webpage/forums link that link directly to the server's website/forums from the status page. Also, it would be good to have a setting for entering the host name of the server. And, that too would have a link from the status page that could generate exactly what to change your host.txt file to to use that particular server. I am sure someone could even write a simple batch file that would let people pick which server they wanted to connect to and it would simply automatically change their host file for them. It also might be nice if there was a way to add a brief description of the server to the status page (maybe from a mouse-over or something) that would be limited to 250 chars or so. That description could also be saved in the config file as an option. I am sure other features could be added to make a really cool status page, but those are just a few I can think of off the top of my head that would be really useful. Now, for registering accounts through the Private LS and not have it conflict with the Public one, that would be a bit more complex, but I am sure it could be done. One way would be to have a separate table for private-only accounts that would append some sort of prefix or suffix to the account name when used so that it doesn't get confused with Public ones. Either that, or just make it so that Privately registered accounts automatically append something to the name that is highly unlikely to conflict with any public accounts. Or, just require that people using private-only accounts append something themselves for the account to work. So, if you wanted to make a private account named "cleric1", you would actually create an account named "pls-cleric1", where the "pls-" stands for "Private Login Server". It would probably be a fair amount of work to get all of that working perfectly, but that is the best solution I can think of to make sure that the Login Server is never an issue on the emu ever again. |
unfortunately I think more for the private route and everyone has their own registration. It is too easy to spoof being another client in this game to trust passing that data back and forth. I think people want the freedom of their own LS too..
|
Quote:
#3 has to go though. Nothing should require a central server to keep it functioning. Instead, make a new launcher that could pull down current info from a central server, but would still be able to connect to servers it already knows about even if the central info server is down/gone. Store the servers info in a text file, like EQHost.txt, so the file could be edited manually. |
Quote:
If there are issues with account security, then maybe they can be worked out. If it is so easy to spoof being another account, then I don't see how that wouldn't be a potential issue for any Login Server, private or Public. I am not sure how that would effect being able to use public accounts on a private server. If you are setting a password into the accounts table, you would have to know what that password was to be able to access that same account through the Private LS. I am talking about players setting their own passwords to their accounts while they are actually logged into the server through the Public LS. That should pretty much confirm that they do actually own that account. If there are security issues with that, then maybe they can be worked out somehow as well. |
Unfortunately the password isn't used all the time to handle your authentication, that is my concern. It is part of how the EQ client works.
|
The password isn't used all of the time? I don't pretend to know exactly how the LS works, but I know the official public LS will never let you into your account if you enter the incorrect password. Try it a million times and you still won't get in. If you do, that is news to me and there needs to be a fix if possible for it, lol...
|
I don't want to elaborate but pretty much.
|
Ok my two cents here...
That would mean ALL loginservers being connected to a central database with all accounts in it, HUGE security risk one person figures out how to get the info for the db and EVERYONES accounts and EVER private server is vulnerable. That would be in no way different from just using the public LS. which the point of this is so that people do not HAVE to use it and can have autonomy. while a launcher to choose a LS is an option. I see no good comming of emabling all the loginservers access to all the other loginservers accounts other then some wannabee l33t hacker compromising EVERYONES accounts. ontop of that some people dont WANT to be connected to the public ls at all there are many users of minilogin already. so obviously not everyone wants to be dependant on the current ls or have their server publicly connected to it. |
also setpass is for the account table for worldserver ONLY it isnt connected to the LS in any way
|
Aergad, did you read my post at all, or did you just not understand what I was talking about?
The old mini-login that is IP based uses the server's accounts table to authenticate, only it uses IP instead of any sort of password. That is the exact thing I am talking about that we could do with a new Private LS that could authenticate via passwords instead. It would run locally on the individual server's network (or even on the same server), and would have direct access to the accounts table for authentication exactly like the IP Mini-Login does now. It is a simple concept. It also has nothing at all to do with running some centralized account database, as that would be one of the worst security risks possible, LMAO. I don't think you quite understood what I was talking about. And yes, #setpass would set the password in the correct place for this idea to work. Now, if there are some password authentication issues with Login Servers, then that is news to me. I couldn't come up with a good solution without knowing all of the details. But, I can't really imagine that the client would ever not send the password for authenticating unless there was a hack around it. And if there is a hack around it that compromises accounts, then I don't see what that has to do with this particular idea that doesn't also effect all Public and Private Login Servers already. |
so you are saying they create a command to set their login password to be used on said private server which is the world server owner? Just making sure I understand.
|
whati am saying is that the new minilogin doesnt touch the accounts table it uses login_accounts its two totally different forms of authentication
|
the setpass command is used for the worldserver only for access to the web interface and telnet the two tables are apples and oranges the ls doesnt touch the accounts table and idealy the ls uses a seperate database entirely for the login accounts they dont interact worldserver handles all the interactions with accounts table so doing it how you said would make no sense
|
Quote:
Here is an example of what I think would work very well: 1. PlayerA logs into the Public Login Server with their account "player1" and connects to their favorite server. 2. If that server is up-to-date and configured to use the Public and Backup Private LS at the same time, they can enter the game on that server and type "#setpass mypassword". That will save "mypassword" in an MD5 hash into the accounts table for their account "player1". 3. They can then log out and exit EQ completely. And then change their eqhost.txt file to point to their Private LS for that particular server. 4. This time, they log into EQ and hit the Private LS for that server. When they log in, they use the account name "player1" still, but then they use the password "mypassword" that they set while they were on their public account. 5. Since the Private LS would have direct access to the accounts table (just like the IP based mini-login one does now), they would authenticate to that account and have access to their own characters from the Public account. Since they set the password while logged into their Public account, it verifies that they do own that account and should be just as secure as using the Public Login Server. The only issue with this option is that a determined admin could crack the password that the user set in their accounts table if they wanted. So, it would be a good idea to use a different password from what they might use for other servers and for the Public LS. But, the MD5 should at least reduce the likeliness of admins snooping through passwords. If you are playing on a server where you trust the admins of it, this shouldn't be an issue at all anyway. Does that make sense? I can picture it working perfectly like that, but it probably sounds a bit confusing. |
I understand what you mean, if the login server were setup to use the same database as the world, yes.
|
ok.. I didnt read the last few posts yet but heres my 2cents..
I think all we need to do is change the LSID for the accounts to either the lsid for your LS or isid for eqemu LS.. so like if your changing from eqemu LS to private, set the LSID to the same account to the private LS LSID. shrug lol. |
Quote:
|
Quote:
|
ok butyour not listening here the LS doesnt TOUCH the account table what your talking about would require a total rewrite of how the ls works AND a rewrite of how world authenticates...
Ontop of that the lsacctid value wont match so world wont let the user in if they switch between loginservers each ls would assign its own loginserver id. World is the only thing that touches the accounts table the login server runs off a different database minilogin the official one doesnt even touch the account table look int he worldserver code worldserver handles the authentication minilogin jsut sends the ip to the worldserver |
minilogin doesnt use the database at all though thats wht you dont understand look in the code the worldserver handles all that all minilogin does is transmit the ip to world.exe thats why it works that way with minilogin but here is the catch the new minilogin uses a totally seperate table called login_accounts
|
What exactly are you proposing as the ideal solution, Aergad? To make everything 100% privately handled? I am sure that could be done very easily with the mini-login image wrote just by him removing the restrictions he set on it. Everything else is already in place for that.
All I am proposing is a solution that would work for everyone in almost any scenario. Sure, that would require some rewrites to the current code, but is it all that hard to change the table that it interacts with? Also, the LSID shouldn't really matter at all. The Public LS uses it because it runs from it's own database and should always match up fine. Since it doesn't send a password to the server when an account logs in, checking the LSID should just be another way to verify that it is the correct account that is trying to connect. In the case of a private LS, you shouldn't even need to verify LSID, since you get the account and password, which should be plenty to authenticate securely with. I am fully aware that the mini-login Image wrote uses different tables. But, since the Login Server and Server code both have the ability to be changed, anything is possible. If the issue was a limitation of the client, that would be a different story, but in this case, it isn't. I am not trying to get anyone to do anymore work than they want to do on getting a solution created. I just wanted to mention what I consider to be the ideal permanent solution. |
one thing you are forgetting is that SOE made this to work a certain way eg the client for their use on one login server not 50 or 100 loginservers all sharing and transfering information. all it would take is ONE person with ill intentions and the skills to pull it off and what you propose would put everyone at risk because, and this is the key all the loginservers would have to communicate with one another. It is the only way to transfer lsaccount ids and so forth and edit them automaticly. ontop of that we cant make the client transmit anything it doesnt already transmit.
the more things connected to the loginservers the more insecure they are, hell look at the current public ls and what someone is doing bringing ti down, now imagine if all loginservers were connected to each other imagine what that one person could accomplish. Along with THAT risk there is the risk of all that account info just floating about cyberspace its just a bad idea no matter how you slice it. I think images original plan is the best ONE public loginserver and the private ones listed in a central place where people can pick and choose which they want to play on. Hell you cant even transfer accounts between servers on live without paying them a hefty fee and when you do pay them it takes them a while to do it dont you think the reason for that is the fact that its not a simple thing to do? I would NEVER condone a system in which if someone compromises one ls all would be at risk because they are all located centrally sharing account information and so forth. its just too dangerous Not only that but there is no reason for it the minilogin users use minilogin to NOT be on the public loginserver for their own reasons i highly doubt they want their own login server connected to the puclic loginserver. what you are proposing doesnt make sense, and im sorry for saying that but it just doesnt. Why go through all that work why put EVERYONES supposedly private ls at risk by them all being connected to the already massivly insecure public login server when the people who DO use minilogin dont WANT to be connected to the public LS anyway. and please dont say its best that everyone is connected and sharing the public ls because shards of dalaya disproved that long long ago they are private and have a far far bigger userbase then any one server on the public ls heck probably all of them put together dont come close to the ammount of players SoD has at any given time most ive seen on PEQ the most popular server on the public LS is about 200 or so the LSID IS in the NEW Release of minilogin your talking about totally reinventing the wheel. and yes we can put anything we wnat in any hunk of code but the questions are one will it actually work properly TWO how secure will it be cause i sure as hell dont want my server compromised because its connected to another server that gets hacked like the public LS Does DAILY. nor do i want my users in a possition to have their accounts hacked because someone compromises their account through someone elses server. not only is your idea an enourmous ammount of work for the develpers but then the users are gunna have to keep track of the ls password then the password theyt use on each and every worldserver they connect to... Its full of more holes then swiss cheese security wise. images method is best in this case all loginservers standalone listed in a central location not interacting with all thee other loginservers plus one that getshacked every day and brought down that is the most secure way. again MOST people are going to use the public LS anyway the people who DONT use it already are the ones who are going to be using this the most. and yes there are client limitations why do you think you cant have an eqhost.txt file full of loginservers to choose from. remember this system was made by soe yes it was reverse engineered by the emu staff past and present but the way its got to work with the client is the same and that setup is only for ONE login server the way they designed the client thats how it works. but all that aside the worst part of your idea is the huge security risks to EVERYONE that it poses |
You obviously are still completely misunderstanding what I am proposing and why it is the best solution and still just as secure as anything you might propose.
I said nothing at all about sharing account information between any servers, private or public. There is no sharing involved at all... All account information for this idea would be held and accessed only on the server running it's own private Login Server. It would work exactly like a private Login Server should, exactly like you are suggesting, accept with more options. It has nothing to do with any other server's Private LS and doesn't interfere or interact with them in any way at all. I don't know why this is hard to understand as the concept is really quite simple. Yes, the eqhost.txt file cannot accept multiple Login Servers to be set in it to be used at the same time, but you can set as many as you want in there and comment them out using the # sign and then simply uncomment whichever one you are wanting to use at that time and comment the previous one you were using out. Something like this works perfectly fine: Code:
[LoginServer]I'm not sure what it is that you are not getting about this idea, but I think that if you understood it, you would be perfectly fine with it. As far as how much work it would take to code exactly what I am talking about, I really don't think it would be that much at all. Then again, I have been working on getting the Secrets of Faydwer expansion to be fully compatible with the emulator for 4 months now for hours every single night. So, compared to that, most things pale in comparison :P At least it is almost done now, so it shouldn't be long before I can move onto doing other things and hopefully find time to start working on new content for the server I run. I may be wrong, but I think Image said it only took him a couple of days to code the whole new Mini-Login and Public LS that they have now. If that is so, even if a good portion of it had to be adjusted to work for this idea, it isn't like we are talking about an insane amount of work to do it. Not that I am asking him to do it, but just saying it probably isn't as bad as you are thinking it is. The whole concept of this idea would be to have dual LS capability for server. People would set their server to connect to the public LS just like normal (though, that would be optional and not required if you just wanted to use the Private one). Then, they would also set it to use the Private LS running on their own server and using their own accounts database at the same time. Ideally, servers would be connected to both all of the time. But, in the case that the Public LS goes down for any reason, their players could then change their eqhost.txt to point to the private one for that particular server. Also, if people wanted to avoid the Public LS even when it was up, they would still be able to use just the Private LS for that particular server since they would both be connected at all times. The private LS wouldn't use the LS account ID numbers like the Public one does. Authentication for the private LS would ignore the "lsaccount_id" field completely since it would have no way of knowing what it should be. Instead, it would use the password field when people log into their private LS and then just forward any accounts that pass the authentication check at that point straight to the server as authenticated. That is it. Am I missing anything to make this more clear? I am not trying to start an argument here. It seems that no matter what I say, you have to disagree, Aergad. That is perfectly fine, as everyone is entitled to their own opinion and you aren't breaking any kind of rules. But, I am not going to bother discussing it any further with you until you can understand that I am not out to control you or anyone else. All I am here for is to be helpful. I know you haven't been around this community long (maybe 2 weeks), but if you give it time, you might see that I am a fair person who just wants to help :P |
Image keep up the good work I think you have a really good idea with this..
As you have seen in my other posts I think we need to take every step united and not split off into nothingness...... I do not think your idea will make the people disconnect themselves from each other in fact it would probably have the opposite effect... It would again unite everyone as EQUALS in the community which in some ways... has not been done in years... King |
First off this may take some downloading on the client end but if it works it would be great. Now to the how to. have the public LS as it is and the private LS owner would have to talk to the Dev’s to get there server info added to the splash screen in a drop menu (protecting those who don’t want there info for public use). Now say the public LS is down you can select the private LS from the drop down and it would run a script that would change the eqhost.txt to point to the right server then wala you are logged into the server you want with your toon you like to play. Also the end user would require minimal intervention and everyone is happy. I know it is not as easy as that but fill free to rip this idea apart and change or flame as needed. added a link to the Idea in a pic.
http://viewmorepics.myspace.com/inde...ageID=11854744 |
This could totally bring people together, even though at first glance it doesn't appear to be that way and it's not what a lot of us are used too (Especially me hehe)
But mind you DAOC EMU <like you said> worked out great and they were all VERY VERY united... So have alot of other emu projects.... I just feel we need to stick together .. whatever it is we do we have to remember we are actually a family (not to get mushy) but still..... Some of us like myself have been doing this for numerous years and wish to continue to do so.. King PS: Angelox We still really need your help , and anyone else who has felt left out over the years.. don't feel that way please!!! We value you very very much |
One of the joys of playing on eqemu current setup (this is as a very active player) is to search the server screen list and try out new servers. How will this work and how will I connect up with brand new servers?
|
People just want a login server that works. People who try the emu like the fact that it is also free. Independent of "freedom", "choice", "admins", "bad code" or anything else.
Yes, the LS is currently a single point of failure/attack. We recognise that the people attacking the LS do not want to play. If I understand correctly, the attacks are DoS, rather than DDoS. So, even with the added emergency state, the people attacking it reduce it to zero functionality, achieving their aim. The admins, having other real commitments, react as well as is possible for a service with limited access. This is not a business service with admins sitting on it 24/7. Good firewalls can be configured to recognise and block attacks, but would it be fast enough stop the LS collapsing? VPNs would help shut out the attacks, but are perhaps beyond the technical ability of many. A distributed LS can be more resilient, but it will still be attacked, especially if people are targeting the LS because of an issue with a particular server, or person. In this age of script kiddies, if you want resilience and stability, use adult tools and services. If that means getting a commercial host, then so be it. |
A solution that keeps this community together, rather than letting it fragment would be, I feel, desirable.
I am sure the present situation will resolved, seems like a series of hoops and hurdles have to be overcome. All good things are worth waiting for. :) |
Ls
Why not release what you have and let others look at what you have as with many great ideas that I have seen here. Many came up with great ideas, put them up for others to look at, revised them as a PROJECT. There are serveral in this community that have the knowledge to add to this and make it work for all and they will always support the ideas of others good or bad. I personally would like to see a LS that works 100% of the time however I would not ever use anything that was not part of this community.
|
I support this. I'm not sure what is going on with KLS - but the whole donation and update process seems to have disappeared. It would be nice if those who donated could get an update on what's going on. I think the bottom line is something needs to be done quicker than what is being done now, this project is starting to lose people.
|
I trust KLS, don't worry about her, for now we should trust all those people in the Project who work for us.
There's a reason why they are not speaking up, so give it some time. Quote:
|
I see what we are getting at with the shared LS, we would need a way to generate UNIQUE id's that way, sort of like how everquest has those item id tags.
The reason I say this is, if I have LSID account 1 on my public server (which we obviously do), the private server would have LSID 1 of a different user. The Login server uses the LSID to identify and pass. Yes you can setup a private password with #setpass if they have the tables meshed in the same database, but the LSID would still be an issue. So I think this would require a bit of re-work. Edit: The reason I want unique LSID's is there still are a lot of database functions/calls that use the LSID and this would cause problems with login and world. |
| All times are GMT -4. The time now is 11:16 PM. |
Powered by vBulletin®, Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.