[crossfire] Player accounts, new player creation mechanism

Mark Wedel mwedel at sonic.net
Mon Feb 4 23:53:11 CST 2008 

  There are certainly some advantages to an account based system, including 
potentially easier banning of players.  But several points need 
addressing/clarification:

1) How are accounts created?  If a player can create an account at any time, and 
thus have a 1:1 account:character mapping, knowing number of unique players, 
etc, may be difficult.  To make this happen, may want some greater benefit for 
the characters in such a system (item trading, maybe apartments/houses are 
account based, not character based, etc).

2) Need to handle player files without accounts.  If a player logs in with one 
of those characters, are they forced to create an account?  Is account name 
space different than character namespace?  For example, if I use the name 'Mark' 
for my account, does that now prohibit characters from using that name?

3) In terms of security, one could argue accounts may make things worse.  Right 
now if I play on a 'suspect' server and that server admin looks at my character 
and gets my password, that may only let him log into 1 character on another 
server (or at least he only has information on that one character on that server 
- he would need other mechanisms to find out all the character names I play on 
the other servers).

  However, if he gets access to my account, he now has access to all my characters.

  And I think the point tchize raised using different password on different 
servers is valid - is it really any more likely I'll use different passwords for 
different accounts on different servers?  If I know my account on ailesse has 
password foobar, and account on metalforge is kumquat, it would seem I could 
remember that for individual player files just as easily.

  If security is a concern, other things should be investigated - right now, 
password from client to server are plaintext (allowing easy snooping) - it was 
decided long ago that character files are not critical enough to warrant the 
complexity of doing something like ssl.

  That said, I'm not against the idea of accounts - it could be useful.  But 
like fair number, I'd need to see some compelling reasons of how it would be 
useful and why it is more important than many other things (but like everything, 
if some developer is gung ho on doing it, who am I to stop them).  But at the 
same time, I think some of the points about account creation and legacy 
character files need to be answered.

More information about the crossfire mailing list