Quote:
Originally Posted by KLS
The client is quite insecure in how it sends passwords when you don't use the live-launcher.
By 'live-launcher' do you mean the eq client as of now (i.e., it's been patched to fix any insecurities) or something else that was present in Titanium and/or Underfoot?
Could there be a possible workaround where we run an insecure login server on the user's computer that eq authenticates to, which then communicates securely to the eqemulator official login server?
Code:
+==== users-computer =========+
|+---------+    +----------+  |              +---------------+
||eqclient |<-->|fake login|<---internet---->| eqemulator    |
|+---------+    +----------+  |              +---------------+
+=============================+
The downside would be that the user needs to install another program. Servers could support either insecure (meaning they run the closed crypto binary), secure, or both.
Am I way off base and/or missing something here?