NwN Server and security update

[Legacy_DMSelena]

               

ultima03 wrote...

I'm very very glad that none of you is in charge of anything. Now that's an emotion.

I'm sure you can get a shot for that.

Now, where's my pix?
               
               

               
            

[Legacy_ultima03]

               

DMSelena wrote...

ultima03 wrote...

I'm very very glad that none of you is in charge of anything. Now that's an emotion.

I'm sure you can get a shot for that.

Now, where's my pix?

Well.. if you know a good program to take a 1080p screen video I'll do that so you can see that i'm serious and not trolling. My server is still under construction and I do not plan to release it before minimum one month from today, I have worked out the environment and the ruleset, I did not start the engine yet but that's the easiest part for me.
               
               

               

                     Modifié par ultima03, 07 janvier 2012 - 11:54 .
                     
                  

            

[Legacy_SHOVA]

               So, there is no server at all, yet. there is just your mod that you have been working on. Shocker, really.

Your server is safe, with or without the master server, no one will play it but you, so don't worry about it.
               
               

               
            

[Legacy_ultima03]

               

SHOVA wrote...

So, there is no server at all, yet. there is just your mod that you have been working on. Shocker, really.

Your server is safe, with or without the master server, no one will play it but you, so don't worry about it.

How would you know?
               
               

               

                     Modifié par ultima03, 07 janvier 2012 - 04:53 .
                     
                  

            

[Legacy_SHOVA]

               How do I know?

Because insulting the people who contribute here is not the best way to attract players. Word of mouth and all that.

While there are new players logging in all the time now that GoG has NWN, go ahead and take a look at all the empty servers running now. Most are nice, well done worlds to play, and most are empty. Why? because there is no DM presence, there are no players, and, no word of mouth that they are a great place to be at. So good luck with your server. Good luck attracting players, and good luck with the master server. It probably will be later this year before its back up, if it even comes back at all. Good luck with making a work around, happen, maybe you will use Funky's, Maybe you'll write your own. I doubt after your little tantrum here any of the nice folks who you insulted will be jumping to offer you anything. I know I won't. I know that I won't bother to try your server when, or if it does come online. And, I know I'm not the only one.
               
               

               
            

[Legacy_ultima03]

               

SHOVA wrote...

How do I know?

Because insulting the people who contribute here is not the best way to attract players. Word of mouth and all that.

While there are new players logging in all the time now that GoG has NWN, go ahead and take a look at all the empty servers running now. Most are nice, well done worlds to play, and most are empty. Why? because there is no DM presence, there are no players, and, no word of mouth that they are a great place to be at. So good luck with your server. Good luck attracting players, and good luck with the master server. It probably will be later this year before its back up, if it even comes back at all. Good luck with making a work around, happen, maybe you will use Funky's, Maybe you'll write your own. I doubt after your little tantrum here any of the nice folks who you insulted will be jumping to offer you anything. I know I won't. I know that I won't bother to try your server when, or if it does come online. And, I know I'm not the only one.

Emotions.
               
               

               

                     Modifié par ultima03, 07 janvier 2012 - 05:35 .
                     
                  

            

[Legacy_Lightfoot8]

               With  everything being thrown around in this thread and I think you have missed the Main points, That have been said or hinted at several times.  

1. The MasterServer was never secure.

2. Even if the Master Server comes back On-Line It Most likely not be any more secure then before, without doing a patch to the clients.

3. There are going to be no more patches.

4. Even If the master server comes back On-Line you are a fool if you put your faith in it.  

5. There are way to secure your server that are better then the MSA.

Of cource you call the more secure systems weak work arounds. I guess that is your choice. It still does not change the facts.  

If you have seen some bad systems implemented on other servers, It is a lack a logic to say no alternate system is good.
               
               

               
            

[Legacy_Skildron]

               

Lightfoot8 wrote...

With  everything being thrown around in this thread and I think you have missed the Main points, That have been said or hinted at several times.  

1. The MasterServer was never secure.

2. Even if the Master Server comes back On-Line It Most likely not be any more secure then before, without doing a patch to the clients.

3. There are going to be no more patches.

4. Even If the master server comes back On-Line you are a fool if you put your faith in it.  

5. There are way to secure your server that are better then the MSA.

Of cource you call the more secure systems weak work arounds. I guess that is your choice. It still does not change the facts.  

If you have seen some bad systems implemented on other servers, It is a lack a logic to say no alternate system is good.

Thanks, Lightfoot, for summing up the useful content between lots of pointless postings. Now let common sense take over again, please.

Greetings
Skildron
               
               

               

                     Modifié par Skildron, 07 janvier 2012 - 05:58 .
                     
                  

            

[Legacy_ultima03]

               

Lightfoot8 wrote...

With  everything being thrown around in this thread and I think you have missed the Main points, That have been said or hinted at several times.  

1. The MasterServer was never secure.

2. Even if the Master Server comes back On-Line It Most likely not be any more secure then before, without doing a patch to the clients.

3. There are going to be no more patches.

4. Even If the master server comes back On-Line you are a fool if you put your faith in it.  

5. There are way to secure your server that are better then the MSA.

Of cource you call the more secure systems weak work arounds. I guess that is your choice. It still does not change the facts.  

If you have seen some bad systems implemented on other servers, It is a lack a logic to say no alternate system is good.

Anyone can enter any account without knowing the password. Period. Now I can go and make a lot of companies laugh about this joke. If MSA has any security breach, bioware/atari must secure it as a priority or cut the entire traffic. And when the MSA falls like time to time before, after the timeout it shouldnt  grant access to servers like it always did. Now you say that checking Account/Keys and password matching require client patch? And yes pretending that the first to enter an account is the legitimate owner as the workaround of that funky guy declare is completly wrong.
               
               

               

                     Modifié par ultima03, 07 janvier 2012 - 06:41 .
                     
                  

            

[Legacy_wyldhunt1]

               

ultima03 wrote...

Lightfoot8 wrote...

With  everything being thrown around in this thread and I think you have missed the Main points, That have been said or hinted at several times.  

1. The MasterServer was never secure.

2. Even if the Master Server comes back On-Line It Most likely not be any more secure then before, without doing a patch to the clients.

3. There are going to be no more patches.

4. Even If the master server comes back On-Line you are a fool if you put your faith in it.  

5. There are way to secure your server that are better then the MSA.

Of cource you call the more secure systems weak work arounds. I guess that is your choice. It still does not change the facts.  

If you have seen some bad systems implemented on other servers, It is a lack a logic to say no alternate system is good.

Anyone can enter any account without knowing the password. Period.

Right.... Except for the fact that they can't. Not really. The moment they try to log in to a server or do anything, their cd key is banned. Your +3 Imaginary Pixel Sword is safe. Your account is safe because no one else can use it.
We have ways to make sure that it's you other than the MSA password. Better ways.
               
               

               
            

[Legacy_WhiZard]

               

wyldhunt1 wrote...
Right.... Except for the fact that they can't. Not really. The moment they try to log in to a server or do anything, their cd key is banned. Your +3 Imaginary Pixel Sword is safe. Your account is safe because no one else can use it.
We have ways to make sure that it's you other than the MSA password. Better ways.

I think ultima03 is distinguishing between the account and the online play.  The account holds some records like server activity, buddies, and potentially other information which the module will have no way of protecting against.
               
               

               
            

[Legacy_Lightfoot8]

               

ultima03 wrote...

Anyone can enter any account without knowing the password. Period.

correct,  and that has not changed from even when the MS was up and running.  unless you where using other means to secure server, over and above the standard ones.    
 

Now I can go and make a lot of companies laugh about this joke.

a lot already have.  If you want to be the type that spends there life pointing out the short commings and mistakes of others, That is your choice.

If MSA has any security breach, bioware/atari must secure it as a priority or cut the entire traffic.

You are allowed to have that opinion.  But it is bioware/atari that decides that not you.  A better question is why are you complaining to us about it.  Bioware/Atari do not watch  the boards here.  it could be a year befor any of them see your post.  As stated in my first post here. If you want to file a complaint use the support link given for the game.  Since you ingnored my direct link, it is listed in the NWN section on the page here --> http://www.bioware.com/games/legacy  

And when the MSA falls like time to time before, the entire traffic should be cut imediatly aswell.

That  is an option even now.  It only takes one .ini setting. 

Now you say that checking Account/Keys and password matching require client patch?

That I simply choose not to go into any farther.  You can take my word for it or not.  It does not really matter to me.  

[/quote]And yes pretending that the first to enter an account is the legitimate owner as the workaround of that funky guy declare is completly wrong.
[/quote]

I agree, With that.  I also dout that is the method that funky used himself.   I was however very nice of him to post that solution as quickly as he did someone asked for help.  Asking for help is something I have not seen you do yet,  You are just making demands that can not be meet by the people you are asking.  But you also, dont seem to understand that you are demanding in the wrong place.  

As far as the CD Keys, I do not know about you, but I have about 5 years of server logs that tell me exsactly who belong to what CD-key/account, So there is no guess work as to what CD-key/Keys owns an account.  If in your case you have no logs since you simply have no Server Side vault.   The first person to open a Playername on your server is the owner,  Is that a problem?  

You really would have gotten a lot farther if you asked for help on securing you server and pointing out the short commings that you wanted to overcome in systems that you have looked at.    This constant demanding has just erned you the right to be ingnored,  At least for the time being.    

You are also just helping to clutter up this thread for people who just may have a legitiment question.    
               
               

               
            

[Legacy_Balduvard]

               ultima is correct in that, without an operating Master Server, no account is entirely protected from abuse. However, for those servers who have implemented workarounds, the accounts of their players are entirely protected. The loose end is, as ultima mentioned, the assumption that the first login of any given account is legitimate. It is not an unsound assumption, and without a more convoluted and player unfriendly authorization system, it is frankly the most reasonable assumption to make. To be exploited, the offender would have to know both the account name and have precognitive knowledge of what server that account would next log into (I'm sure the psychic trolls out there have more profitable targets to pursue).

Oh, but wait, our player account protection does not actually end with the password. In order for such an attack to be successful, wherein the offender manages to log into a server before the proper owner of the account does, or tries to log into the server after the account owner has failed to set a password, they would have to possess the exact CD Key of the account owner. Why? Because in addition to offering password protection, each account is tied to a single CD Key (reference Funky's provided scripts) unless otherwise authorized (which the real account owner will immediately discover on their first login to the server, permitting a red flag to be brought to the attention of server admins to handle the offending CD/IP).

Is the system foolproof? Hardly. But the comparatively negligible chance of abuse with it in play is vastly preferable to the alternative you so adamantly espouse in this thread as being a grave security risk--few would disagree with that, but many realized long ago that the situation would not change in a time span we were comfortable with.

Bottom line, you want BioWare to make immediate and rectifiable change to the situation with the Master Server? Hire a lawyer and try to find some breach of contract to take them to court over (good luck on that though), otherwise they can just as well tell you to go pound sand.

In the meantime, the community does as it always has to maintain and improve upon the integrity of this game.
               
               

               

                     Modifié par Balduvard, 07 janvier 2012 - 07:30 .
                     
                  

            

[Legacy_NWN DM]

               

ultima03 wrote...

Ok people I understand your point. Wich I completly disagree with. But anyway thanks for your inputs and insight, was not helpful but I appreciate the effort. Now I'll just wait for an official input (if any). thanks.

And here I was hoping you'd do your waiting quietly.

Once again the internet has shown me that I am far to optmistic in my outlook.
               
               

               
            

[Legacy_DMSelena]

               I say again: where's my pix? Pix or I don't believe in the Sword of Server Killing. There's this thing called Print Screen you can use. It comes with your computer. Look on the keyboard. Also, there's also a thing called Google, which could solve a lot of your problems ranging from not being able to find your own Fraps like a big boy, to answering all your concerns about server security. You should check it out, bro. It's all the rage among the cool kids.

But you know, now that I think about it, until you figure out how to screencap and Google, I recommend -- for your own safety -- that you avoid using anything that can hold an electrical charge.

- S.