[roygbiv2]

So you want the unsupported, unmanaged, not monitored game server - that will get hacked - access to the credentials database that holds emails, password, names, addresses and possibly payment details?

You also want users to contact the the OS devs when their old, unmanaged, not updated game no longer works? Or you want the users not to install important security updates because they want to play one old game?

None of what you've said really makes sense in the the enterprise IT world. AS it's already been previously stated to you, you can't just spin up a VM and host your game on it, it just doesn't work like that. There are plenty of valid reasons for that in the thread already.

[ndriscoll]

Why would a game server database have payment details or passwords or PII? That's insane to start. It's a video game server, not a bank. It shouldn't have anything important on it. Even auth is handled by platforms/stores (which are maintained) for some time now, right? So the actual game servers just receive tokens for the user?

> Or you want the users not to install important security updates because they want to play one old game?

If the OS vendor is releasing patches that break user programs, then yes. This anti-customer attitude of move fast and break (other people's) things (without their consent) needs to die.

Historically, games were designed so that you very much could just spin up a VM and host it. Has that competence been lost? I'm not seeing why things aren't designed to continue working. It's not difficult to do.

[roygbiv2]

You want separate logins to purchase dlc?

You also now want the current login severs to continue to support the old game logins and handle auth for them? So we're still supporting the old game, still maintaining it.

These old unmaintained, unmanaged servers you want to run get hacked they distribute malware to your users. Whoops, the hosting provider finds out, the business account gets locked, now nothing works.

They get hacked a different way, they start mining bitcoin, your hosting provider finds out and locks the business account, whoops, now nothing works.

They get hacked a different way, they intercept the api calls to the auth servers. They use the auth tokens to break into people's main accounts, use that for phishing attacks, steal millions of dollars. Whoops.

>it's not difficult to do.

That's the point you don't get. It is difficult. Standards change, security changes, things NEED updating or things go wrong, people lose confidence in you, you dont make any money and you go out of business.

Spin up an old version of minecaft on an old version of Linux, see how long it lasts before it all goes wrong.