Could this just be the login server telling world.exe through the socket connection to manipulate the DB and world.exe dutifully obliging?
I raised something akin to this in another thread; I think there needs to be a way to set some permissions for your server:
- whether your server is VISIBLE on the server list (i.e. you should be able to make it visible only to certain accounts)
- whether someone can login to your server (see my first point; if it isn't visible, then no one should be able to log in). I consider this separate from the first one, though, as a second line of defense in case the login server were to become hacked or otherwise compromised. By this I mean activating login-ability on an account-by-account basis, not locking the whole server, which can be done already.
Windcatcher
|