Quote:
Originally Posted by Lalolyen
Secondly, and again, if it was open-source, the community, I, KLS, or the few hundred others here that are very active and intelligent could have provided you guys with a method of authenticating sessions, not just outright trusting an account creation based on a key received from the ls server (keep in mind I can "push" a packet anywhere I want and make it appear to be sent from George W's PC itself, that info is just modified packet headers and pushed packets... that's it.)
Being I'm probably just leaving a message on an answering machine here that won't get heard until another 4 or 5 months down the road... This situation is kind of urgent, not to mention the other community members here that are strangled at the fact they cannot contribute or submit code because of "dev team" inactivity. *not complaining, just repeating*
Suggestion...
Change the usrmeth(), re-release eqemu, keep that to yourself, open up the login server, let the community do what communities do best... Build, create, and improve.
|
Looks like he was trying to help make the server login more secure. Not sure exactly where he attacked your code, but not seeing it.
Quote:
Originally Posted by Lalolyen
The software is fairly simple, but the main thing they are hiding is their login servers authentication from server to server. Seriously... If you released that, there would be hackers galore right now eating up every server out there, creating SysOp accounts and booting everyone. YES you can control status from the login server though I did find an option in the source of emu to not honor status requests from the login server; I'm sorry but that needs to be on by default... IF I CAN CRACK IT, that means there are a lot of others that can as well.
|
Seems a good reason to keep it closed if there is a security flaw that big in it. I'd say we had better be glad that a hacker didn't get a hold of it and spam everyone's servers with fake accounts first.
Not sure what all the tension is about, but it seems like someone's got their panties in a wad and a flame war ensued.
As far as the private messaging is concerned, I can kind of understand that since it seems like posting something out in the open is obviously a bad idea for them, but not sure how that's bashing the forums. It looks like they don't like the way things went, but didn't see any direct bash comments in there.
Just my thoughts on it is all.