  #30  
02-03-2009, 10:42 PM
trevius
Developer
 
Join Date: Aug 2006
Location: USA
Posts: 5,946

No matter what, the Public Login Server as it is now should never be fully open source. Not only does it contain the information needed to hack player accounts (including GM accounts), but it may also contain the information to allow hacking directly into EQLive servers. If that is the case, then an Open Source Login Server would probably be a quick way to get SoE spending money to try to get the project shut down. There are just too many security issues with making the current Login Server Open Source.

The only way to have it as open source would be for the authentication to actually happen on the EQEmu Server (individually to each server) instead of at the Login Server. I don't know if there is an easy way to do this other than having the Login Server allow any username/password to log in (like minilogin does), and then forward that info onto the server that they try to connect to for authentication to happen. It would probably be able to work similar to the Minilogin, except instead of forwarding the IP of the account that is logging in, it would just forward the password that they used to log in. Then, the password would just be saved as MD5 to reduce the readability of it.

The problem with that is it would need to be hosted by someone trustworthy, since I don't think it is safe to just enter your password on just anyone's Login Server. It probably wouldn't be hard for them to set it to log passwords/accounts and even if they are kept as MD5, that can still be cracked. Any time you are entering a password somewhere, you should always feel that it is as secure as possible. By allowing anyone to run a Login Server, it opens up a bunch of issues that could potentially cause more impact to the EQEmu Project than the current Login Server issues have been causing.

I am sure there is a good solution that we will eventually all come to, but for now, I think our best bet is to try our best to get the current Login Server issues resolved, whether that means contacting doodman/rogean to help with it or give access to someone active on the project, or maybe research if there is anything else that could potentially help from outside the Login Server. The issue could even maybe be helped just by adjusting the default rates that servers make connections to the Login Server. It could also possibly even be helped by more servers running almost all dynamic zones. I don't know this for sure, but I think zones have some sort of connection to the Login Server, and if so, having 200+ static zones is probably not helping the Login Server issues. Multiply that by a few servers and it starts adding up quick. Maybe if enough servers could adjust their own settings, it would help to fix or at least reduce this issue. That might be a long shot, but it is probably worth considering.

It would also be a really good idea to have a backup of the entire site from time to time in the case that the host server dies. Losing all accounts, wiki pages and forum posts would be devastating to the project and would probably be the end of it. It would take a very long time to recover from a loss like that and losing the wiki pages would make everything much more complicated.
__________________
Trevazar/Trevius Owner of: Storm Haven
Everquest Emulator FAQ (Frequently Asked Questions) - Read It!

Last edited by trevius; 02-04-2009 at 06:58 AM.
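Added example, not part of trevius's post and not EQEmu code: the post proposes saving the forwarded password as MD5 and notes that MD5 "can still be cracked". The sketch below compares that unsalted MD5 storage with a per-account salted slow KDF on a world server's account table. The account names, passwords, the `ITERATIONS` work factor and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed work factor for this example

# Constructed sample accounts as a world server might receive them.
ACCOUNTS = [("alice", "wizard123"), ("bob", "wizard123"), ("carol", "Vx9!qLr2")]

def md5_record(password):
    """Storage scheme described in the post: bare, unsalted MD5."""
    return hashlib.md5(password.encode()).hexdigest()

def kdf_record(password, salt=None):
    """Hardened alternative: per-account random salt plus a slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": dk.hex()}

def kdf_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(dk.hex(), record["hash"])

def shared_digest_groups(stored):
    """Return sets of accounts whose stored digests are identical."""
    groups = defaultdict(set)
    for user, digest in stored.items():
        groups[digest].add(user)
    return [users for users in groups.values() if len(users) > 1]

def build_tables():
    """Build both account tables from the constructed sample accounts."""
    md5_table = {u: md5_record(p) for u, p in ACCOUNTS}
    kdf_table = {u: kdf_record(p) for u, p in ACCOUNTS}
    return md5_table, kdf_table

if __name__ == "__main__":
    md5_table, kdf_table = build_tables()
    print("MD5 reuse visible:", shared_digest_groups(md5_table))
    print("KDF reuse visible:",
          shared_digest_groups({u: r["hash"] for u, r in kdf_table.items()}))
    print("verify ok:", kdf_verify("wizard123", kdf_table["alice"]))
```

With unsalted MD5, equal passwords produce equal stored values on every server, so one logged or leaked digest is comparable everywhere; the salted records share nothing even when the passwords match. Neither scheme protects the password from the Login Server that forwards it, which is the trust problem the post raises.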