|
|
|
|
|
|
by ndriscoll
905 days ago
|
|
|
Why would a game server database have payment details or passwords or PII? That's insane to start. It's a video game server, not a bank. It shouldn't have anything important on it. Even auth is handled by platforms/stores (which are maintained) for some time now, right? So the actual game servers just receive tokens for the user? > Or you want the users not to install important security updates because they want to play one old game? If the OS vendor is releasing patches that break user programs, then yes. This anti-customer attitude of move fast and break (other people's) things (without their consent) needs to die. Historically, games were designed so that you very much could just spin up a VM and host it. Has that competence been lost? I'm not seeing why things aren't designed to continue working. It's not difficult to do. |
|
|
You also now want the current login severs to continue to support the old game logins and handle auth for them? So we're still supporting the old game, still maintaining it.
These old unmaintained, unmanaged servers you want to run get hacked they distribute malware to your users. Whoops, the hosting provider finds out, the business account gets locked, now nothing works.
They get hacked a different way, they start mining bitcoin, your hosting provider finds out and locks the business account, whoops, now nothing works.
They get hacked a different way, they intercept the api calls to the auth servers. They use the auth tokens to break into people's main accounts, use that for phishing attacks, steal millions of dollars. Whoops.
>it's not difficult to do.
That's the point you don't get. It is difficult. Standards change, security changes, things NEED updating or things go wrong, people lose confidence in you, you dont make any money and you go out of business.
Spin up an old version of minecaft on an old version of Linux, see how long it lasts before it all goes wrong.