Thread: EQEmu Public Login v1.02
View Single Post
  #2  
Old 05-21-2002, 03:46 PM
theCoder
Sarnak
  
Join Date: Jan 2002
Posts: 90
Default not to be ungrateful...
hmm.... it doesn't work:
Code:
[theCoder@len ~/dev]$ ./PublicLogin.exe
bash: ./PublicLogin.exe: cannot execute binary file
That's unfortunate. :(
Maybe the readme file included in the download will help. From the readme:

IIII. Reason of Binaries Only
=============================
Verant has encryptions that they have for your safety so people cannot steal your account by sniffing through packets, for the
continued safety of this, the source is not released. We hope that you agree that it is too much of risk to release the source
possibly to people with bad intentions. I hope this login server will ease you a bit if you have had issues with people logging
on to your server when you did not want them.

As someone who has studied computer security, I can tell you that the security through obscurity that you're advocating is only a temporary security. I don't know how many other people have broken the scheme that Verant uses, but I can imagine that you're not the only ones. Fortunately, you at least have good intentions and are not interested in stealing Verant's customers' accounts. However, if you have discovered a flaw in how Verant verifies a user, the correct course of action is to inform Verant, not try to cover it up. If that does not yield any results, perhaps a post to someplace like BugTraq would be appropriate. It is better to fix the flaw than to pretend it doesn't exist.

But perhaps point 4 is really because of point 1:

I. Limitations of Login Server
=============================
You can only have up to twelve (12) login accounts, any over that it will give a message saying the account is banished.
You can only have one (1) world server connected to the login server, if you attempt to connect another, it will be kicked (ghosted).

What really is the point of these limitations? To prevent people from operating competing communities? The only rational reason I can see for keeping the login server proprietary is because you want to sell access to the EQEmu login server the same way Verant does. I guess that's your prerogative to do so, but IMHO you should be upfront about it.

Now, I'm probably not going to make any friends with this post. I may even get banned (though I hope not). I don't mean to be ungrateful for the work being put into this project, but it's really all for naught without a working login server. So I encourage the maintainers to make sure they know what they're doing. Sure, the login server at eqemu.net works for now, but how long will it be there? Imagine if bnetd had a similar Achilles heal.