Project 2002 - The Age of Al'Kabor - Release Date 3/20/15 - Page 7

Flamewraith · #1 03-03-2015, 04:52 PM

And everyone is like, it's only low because people are bored they will come back with planes. Seriously? It's low because 1/3 the server was either banned or ragequit due to super sketchy rules.

**Haynar** · #2 03-03-2015, 05:41 PM

Quote:

Originally Posted by Flamewraith [You must be logged in to view images. Log in or Register.]

And everyone is like, it's only low because people are bored they will come back with planes. Seriously? It's low because 1/3 the server was either banned or ragequit due to super sketchy rules.

Thats why p99's population is so low. Four years of Kunark means death for the server.

Whatever.

H

Arclyte · #3 03-03-2015, 05:45 PM

this server sounds like shit

Furst · #4 03-03-2015, 06:01 PM

Quote:

Originally Posted by Arclyte [You must be logged in to view images. Log in or Register.]

this server sounds like shit

A post not about TAK, thanks for your input

**Haynar** · #5 03-03-2015, 07:11 PM

Here is my honest opinion about p2002.

I know nothing about those running or hosting the server.

The people advocating the server the loudest, are brash, outspoken. And have little positive to say of other servers.

Their resume says, their dev chatted with CD an hour.

Seriously?

Since they use their own login server, it is the perfect front for someone like platlord to gather passwords. Then a few months later, use them to log in to idiots accounts on p99 that used same accounts/pass. Strip plat and gear. Make another $50k selling for RMT.

My recommendation, if you try this server, do not use any account name or pass u used elsewhere. If u did, then change your other passwords asap.

Too many red flags. Play at your own risk.

The High Priest has spoken.

Move along.

Tollen · #6 03-03-2015, 07:41 PM

Quote:

Originally Posted by Haynar [You must be logged in to view images. Log in or Register.]

My recommendation, if you try this server, do not use any account name or pass u used elsewhere. If u did, then change your other passwords asap.

sounds like sound advice no matter what flags you see. Thanks

loramin · #7 03-03-2015, 08:35 PM

Quote:

Originally Posted by Haynar [You must be logged in to view images. Log in or Register.]

Since they use their own login server

I think this is a red flag entirely separate from Haynar's (very valid) security concerns.

Logins are a pain in the ass, both as a server admin and as a user ... which is why anyone with any sense starting a new website uses OpenID. These people could have used OpenID (with Google or Facebook or ...) OR they could have used EQEmulator, but instead they chose the worst option for both themselves and their users.

If the people behind this project can't be bothered to make their users' lives easier when it takes LESS work to do so, what should we expect of them when something actually takes effort?

jetviper21 · #8 03-03-2015, 10:34 PM

Quote:

Originally Posted by loramin [You must be logged in to view images. Log in or Register.]

I think this is a red flag entirely separate from Haynar's (very valid) security concerns.

Logins are a pain in the ass, both as a server admin and as a user ... which is why anyone with any sense starting a new website uses OpenID. These people could have used OpenID (with Google or Facebook or ...) OR they could have used EQEmulator, but instead they chose the worst option for both themselves and their users.

If the people behind this project can't be bothered to make their users' lives easier when it takes LESS work to do so, what should we expect of them when something actually takes effort?

Its very apparent that you do not understand how the login server for the peqmac emu works so let me enlighten you. You can't use the eqemu login and you can't use openID to login to peqmac everquest. Mostly because the mac client was changed to use the newer token based authentication. This is hacked around in the mac version that you could use to play on Al'kabor by using a separate routine in the login server itsself. The PC version still uses a version of the eqemu login code. Since the mac clients have no server select screen you are forced to run a login server that will forward the client to your world server.

Mac:
https://github.com/cavedude00/Server...lient.cpp#L178

PC:
https://github.com/cavedude00/Server...lient.cpp#L283

All passwords are SHA1 hashed with a salt (which isn't the best) but its also not the worst. Personally I would prefer bcrypt or SHA-512

jetviper21 · #9 03-03-2015, 10:54 PM

That being said even the official tak login server will log your password in plain text to the servers log files.

https://github.com/cavedude00/Server....cpp#L199-L200

Another fun thing is that if you are on a mac and you run "ps aux | grep Everquest" you can see your password in plain text passed as a command line argument. So arguing security here has little merit in a system that has obvious flaws

Secrets · #10 03-17-2015, 09:15 PM

Quote:

Originally Posted by jetviper21 [You must be logged in to view images. Log in or Register.]

That being said even the official tak login server will log your password in plain text to the servers log files.

https://github.com/cavedude00/Server....cpp#L199-L200

Another fun thing is that if you are on a mac and you run "ps aux | grep Everquest" you can see your password in plain text passed as a command line argument. So arguing security here has little merit in a system that has obvious flaws

It's an option and if it's a security concern I will personally remove it.

It's no different than the plaintext passwords being sent on the client to the EQ server, though that's more of a client restriction.