So we should finally discuss this properly, in the public eye instead of behind closed doors. Most people probably know I'm against a login-based system, while I know most others are for it. I think we should come to a decision before people spend time on things that might not be used (e.g. the entire stats portion).
The way I see it, a login-based system provides authentication (proving a user is who they say they are) along with authorization (being able to check if the user has special access to certain permissions/things). A key-based system would only allow us authentication, which IMO is all we really need.
I know some people are wishing for a "dew ID" kind of system where you can claim your in-game name and nobody else can use it, along with permitting special things for this ID (such as special armor effects for devs etc.). I'm not really for that -- I do this work because I enjoy doing it, not because I want to be rewarded in any way. For in-game names I always wanted a system sort of like Steam's, where players are identified by some unique attribute other than their name, so their in-game name could be anything they want even if it's already taken.
The beauty of ED right now is that someone can easily take our code, edit a single int and they'd have their own fork of ED running fine separate from our main ED. In seconds they could spin up a master server with Docker and even have a server list for their game up and running.
If we were to make it use a login-based system, I can see the server setup being a lot more complicated: you'd have to make sure that your server is secure and there's no way for anyone to steal the user database, and I doubt many people would be able to make their servers reasonably secure enough.
The main issue I see with a login-based system is that, no matter what, we'll need a central server to store the user database. Maybe this could be supplemented with other servers sharing the same data etc., but then that brings the risk of the data being stolen up by quite a lot.
I don't see why we should have to worry about keeping data secure when we don't even need that data in the first place. As said above, we only really need to authenticate the user, and with a crypto-based system we can do that easily without needing to store any data ourselves. Master servers put up by the community wouldn't need us to share any secret key with them or anything; they'll be able to work as a single unit without needing any connection to us.
The only real issue I can see with a crypto-based system is key loss, and that could easily be solved by allowing master servers to store the user's private key (encrypted with a password) tied with their email address. This way masters won't be storing any sort of password hash, only an encrypted version of the player's private key. If the user loses their key they can request the master to send it to them, and the master could send that encrypted key blob to the user's email (which makes sure the only recipient is the actual owner of the key). The user would copy this blob as "keyrecovery.txt" into the ED folder, and then ED would ask them for the password for the key (ensuring the key is decrypted by the client, instead of having the password sent to the server for decryption).
I'd be fine with this way; it's a lot like a login-based system except there are no passwords or password hashes stored, and all the masters could hold these encrypted private keys instead of needing to rely on a central server. With reasonable enough encryption it would make bruteforcing/decrypting these encrypted keys very hard and CPU heavy compared to simply cracking a password hash, meaning if a dump of these encrypted keys got out they'd have a much lower chance of being cracked versus a dump of password hashes.
Anyway, I don't want to push my views on people. This is a community-based project, so I'd like to hear people's thoughts on this.
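The key-recovery flow described in the post, sketched as an added example (it is not part of the original post and not ED code): the client wraps the private key under a password-derived key, the master stores only the resulting blob, and the client later unwraps "keyrecovery.txt" locally. The blob layout, the scrypt parameters and the function names are assumptions, and because Python's standard library has no AEAD cipher, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for one such as AES-GCM or ChaCha20-Poly1305.

```python
import base64, hashlib, hmac, json, os

# Constructed parameters: the post does not name a KDF, a cipher or a blob format.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=64)

def _keys(password, salt):
    # One memory-hard scrypt call per password guess; split into cipher and MAC keys.
    okm = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return okm[:32], okm[32:]

def _xor_stream(key, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in real code.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, (off // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def make_recovery_blob(private_key, password):
    """Client side: build the text a master stores and later e-mails back."""
    salt = os.urandom(16)  # fresh per blob, so the keystream is never reused
    enc_key, mac_key = _keys(password, salt)
    ct = _xor_stream(enc_key, private_key)
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    fields = {"salt": salt, "ct": ct, "tag": tag}
    return json.dumps({"v": 1, **{k: base64.b64encode(v).decode() for k, v in fields.items()}})

def open_recovery_blob(blob_text, password):
    """Client side: decrypt keyrecovery.txt locally; the password is never sent."""
    blob = json.loads(blob_text)
    if blob.get("v") != 1:
        raise ValueError("unsupported recovery blob version")
    salt, ct, tag = (base64.b64decode(blob[k]) for k in ("salt", "ct", "tag"))
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("wrong password or corrupted blob")
    return _xor_stream(enc_key, ct)

if __name__ == "__main__":
    key = os.urandom(32)  # constructed stand-in for the player's private key
    text = make_recovery_blob(key, "example password")
    print(text)
    print(open_recovery_blob(text, "example password") == key)
```

The integrity tag lets anyone holding a dumped blob test password guesses offline, so the scrypt cost per guess and the strength of the player's password are what protect the key.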