Project 2002 - The Age of Al'Kabor - Release Date 3/20/15

[Pokesan]

officially shipping Torven x Secrets

the #1 best contributors to the AK emu projects

now kiss

[jetviper21]

Quote:

Originally Posted by loramin [You must be logged in to view images. Log in or Register.]

I think this is a red flag entirely separate from Haynar's (very valid) security concerns.

Logins are a pain in the ass, both as a server admin and as a user ... which is why anyone with any sense starting a new website uses OpenID. These people could have used OpenID (with Google or Facebook or ...) OR they could have used EQEmulator, but instead they chose the worst option for both themselves and their users.

If the people behind this project can't be bothered to make their users' lives easier when it takes LESS work to do so, what should we expect of them when something actually takes effort?

Its very apparent that you do not understand how the login server for the peqmac emu works so let me enlighten you. You can't use the eqemu login and you can't use openID to login to peqmac everquest. Mostly because the mac client was changed to use the newer token based authentication. This is hacked around in the mac version that you could use to play on Al'kabor by using a separate routine in the login server itsself. The PC version still uses a version of the eqemu login code. Since the mac clients have no server select screen you are forced to run a login server that will forward the client to your world server.

Mac:
https://github.com/cavedude00/Server...lient.cpp#L178

PC:
https://github.com/cavedude00/Server...lient.cpp#L283

All passwords are SHA1 hashed with a salt (which isn't the best) but its also not the worst. Personally I would prefer bcrypt or SHA-512

[jetviper21]

That being said even the official tak login server will log your password in plain text to the servers log files.

https://github.com/cavedude00/Server....cpp#L199-L200

Another fun thing is that if you are on a mac and you run "ps aux | grep Everquest" you can see your password in plain text passed as a command line argument. So arguing security here has little merit in a system that has obvious flaws

[apio]

We are 3 days away from launch so I thought I would introduce you to our team.

http://www.p2002.com/forums/viewtopic.php?f=6&t=148

We will release 1 last huge changelog before launch, to avoid spamming the forum daily, once we are on our way there will be more frequent changelogs!

A good guide on how to get set up can be found here: http://www.rerolled.org/showthread.p...=1#post1017027

[scythic]

I just want to let everyone know I appreciate Torven as much as he appreciates himself.

[king buzzo]

is this seperate from project 1999?

[Secrets]

Quote:

Originally Posted by jetviper21 [You must be logged in to view images. Log in or Register.]

That being said even the official tak login server will log your password in plain text to the servers log files.

https://github.com/cavedude00/Server....cpp#L199-L200

Another fun thing is that if you are on a mac and you run "ps aux | grep Everquest" you can see your password in plain text passed as a command line argument. So arguing security here has little merit in a system that has obvious flaws

It's an option and if it's a security concern I will personally remove it.

It's no different than the plaintext passwords being sent on the client to the EQ server, though that's more of a client restriction.

[mr_jon3s]

I would love to play a 2002 server but with no boxing.

[kain200]

I tried to register on the forums but i'm not getting the activation email. I even did a thing where you can get it to resend another email and I didn't get that one either. I hope this gets resolved i'm looking forward to playing on friday!

[Wharhog]

Takes a little bit, it will be there shortly