Thread: Loginserver Woes
View Single Post
  #14  
Old 04-12-2002, 09:50 AM
theCoder
Sarnak
  
Join Date: Jan 2002
Posts: 90
Default
I don't want to start (too big of) a flame war here. For now, I don't mind too much that the login server code hasn't been released. However, script kiddies is not a good reason not to release the code. Here are a couple of thoughts:

1) If someone has figured it out to make a login server, someone else can also figure it out (duplicate the work). Security through obscurity is only temporary. Maybe it's not your entry level script kiddie doing packet sniffing, but I'd bet some can (maybe not, I've never really met one).

2) I seriously doubt there's any real (as in modern) encryption in the packets. At best it's obfuscation. The data may have been permuted and rotated and otherwise transformed, but obviously not in any decent way (since it was figured out). If Verant used a simple public-private key system with 1024 bit RSA keys, the login server on eqemu wouldn't exist.

3) Having the only login server on eqemu.net is a single point of failure. If it goes down for any reason, everyone is locked out. The reasons could be anything -- technical, legal, loss of interest, etc.

4) Not that I don't trust the people that run eqemu.net, but they (a) are storing my (allbeit poor) password on their server, probably in plain text (one would hope not, but I don't know) and (b) they could use that to log into my server as me. Not that I'd think they'd do that, but as it stands I have to trust that they won't. If there were multiple login servers, I could choose who to trust.

5) Without a login server, you can't use the EMU offline. You have to connect to eqemu.net to play, even on your own server. While this may work for most people, it may not be the best situation for some (for example modem users).

As it stands, it is a good thing that there is a standard login server at eqemu.net. Even if the login server code was released, I would probably still use the login server at eqemu.net. However, the point of Open Source is to involve the whole community in the development of the program. With the login server closed, the community can't support it.

In the end, it's not really my decision -- it's the decision of the developers who wrote it. It's also not really a sticking point (now that the NAT patch works). The EMU is great, and the lack of an open login server doesn't take away from that. I hope I haven't offended anybody...