As I said, I'm really not fretted if you don't want to listen. Given that WebShaman has already confirmed what I have said repeatedly, and is in no way, shape, or form related to me or my PW, it's a little hard to compass who you'd consider to be outside my 'circle' - apparently my powers of influence are grander than I'd ever imagined.
'> Never mind that I've already told you where you can find more information on this. If you really don't understand why I'm not going to discuss it on a public forum, there's no point in explaining it to you.
As for authenticating passwords after they have an active connection, it is not a very bad idea. It is in fact a very, very good idea, if you're as interested in the security of your players as you profess, because it is the only substantive, proactive protection you can give them from account theft. It does not require the use of an entry server, and an entry server will not protect you or your players from this risk. Whatever it is you think you understand about 'other lore', you are seriously out of your depth here.
Furthermore, if you've never had a break-in, why all the confidence about MS protection being superior to serverside cd-key verification and passwording? Your security - and calling it that is rather generous - has never even been given a chance to fail. Fail it would, in spectacular fashion, since you rely on the MS. Ours, by contrast, has evolved in response to repeated attacks, and includes our own nwnx plugin - a plugin that is the only protection out there against one serious threat.
Before you make more inane accusations of grade-school antics, we only distribute the plugin to confirmed server ops running linux, because there is no windows port, and the plugin reveals the nature of the security threat. We've distributed it to around 10 ops so far, and you're welcome to it as well if you're running linux.
In summary: you should not rely on the MS for security, and MS downtimes are simply not a reason to cancel scheduled events.
Funky
