Feature request

Elkay · #1 10-16-2004, 04:38 PM

After some testing, I've noticed that this minilogin bases who gets logged in solely on the ip address matching minilogin_id, even if the login/password is invalid. I understand that this is basically an alternate method of verificaiton to bypass the crypto, but in the future do you see adding a login/password check instead as being viable? Or would that make it a real public LS instead of Minilogin and therefore fall under the category of what the dev team hasn't wanted to release in the past? Just curious more than anything else, as this alone at least allows testing and world development when the emu LS is down or confused.

The other feature that would be nice also is at least being able to secure the server via locking the server through the INI which the public LS does support. Right now it's locked in my INI but simply shows 'Up' status via Minilogin.

Edgar1898 · #2 10-16-2004, 06:01 PM

Quote:

Originally Posted by Elkay

After some testing, I've noticed that this minilogin bases who gets logged in solely on the ip address matching minilogin_id, even if the login/password is invalid. I understand that this is basically an alternate method of verificaiton to bypass the crypto, but in the future do you see adding a login/password check instead as being viable? Or would that make it a real public LS instead of Minilogin and therefore fall under the category of what the dev team hasn't wanted to release in the past? Just curious more than anything else, as this alone at least allows testing and world development when the emu LS is down or confused.

The other feature that would be nice also is at least being able to secure the server via locking the server through the INI which the public LS does support. Right now it's locked in my INI but simply shows 'Up' status via Minilogin.

It doesnt handle any encryption, but it wasnt designed to. Like you noted, it basis its authentication by the users IP address only, that is what the main difference between the public one and Minilogin. I had this pointed out to me a few weeks ago I I think its very relevent - under the DCMA if someone releases code that allows someone to circumvent encryption protocols, they can be held liable. Therefore releasing a login server that decrypts login passwords would not be the smartest thing to do. Even though SOE is leaving us alone right now, they almost certainly would be pissed if a full login server were publicly released. I disabled the locked status because there is really no need for it. If someone is hosting a server on their network for a few friends as was intended for this product, they should be able to trust them :P

Cisyouc · #3 10-17-2004, 03:36 AM

Quote:

Originally Posted by Edgar1898

Quote:

Originally Posted by Elkay

After some testing, I've noticed that this minilogin bases who gets logged in solely on the ip address matching minilogin_id, even if the login/password is invalid. I understand that this is basically an alternate method of verificaiton to bypass the crypto, but in the future do you see adding a login/password check instead as being viable? Or would that make it a real public LS instead of Minilogin and therefore fall under the category of what the dev team hasn't wanted to release in the past? Just curious more than anything else, as this alone at least allows testing and world development when the emu LS is down or confused.

The other feature that would be nice also is at least being able to secure the server via locking the server through the INI which the public LS does support. Right now it's locked in my INI but simply shows 'Up' status via Minilogin.

It doesnt handle any encryption, but it wasnt designed to. Like you noted, it basis its authentication by the users IP address only, that is what the main difference between the public one and Minilogin. I had this pointed out to me a few weeks ago I I think its very relevent - under the DCMA if someone releases code that allows someone to circumvent encryption protocols, they can be held liable. Therefore releasing a login server that decrypts login passwords would not be the smartest thing to do. Even though SOE is leaving us alone right now, they almost certainly would be pissed if a full login server were publicly released. I disabled the locked status because there is really no need for it. If someone is hosting a server on their network for a few friends as was intended for this product, they should be able to trust them :P

Is it possible to release the source without releasing the encryption piece? Im not all that familiar with DLLs but thats something that comes to mind, or is that essentially the same thing?

Edgar1898 · #4 10-17-2004, 03:48 AM

Its possible, but probably will never happen.

daeken_bb · #5 10-18-2004, 05:01 AM

Quote:

Originally Posted by Edgar1898

under the DCMA if someone releases code that allows someone to circumvent encryption protocols

That's actually not true. It's illegal to release a piece of code that circumvents copyright protections, not encryption.

IntesstoMic · #6 11-20-2004, 10:15 PM

Hello
Elkay and you solve your pb with minilogin ?
If yes, can you post your solution ?
It probably help me...
thanks

Elkay · #7 11-22-2004, 04:51 AM

What exactly is the problem you're having? If you post the error/symptoms, I can probably get you up and running.