How would a full rewrite help prevent these attacks? I feel that ditching an old (but maintained) and well-tested codebase to rewrite it from scratch would have the opposite effect and risk creating more security vulnerabilities, other than breaking compatibility with any old addons and themes. As someone once said, if it ain't broke, don't fix it.
In fact, Hercules is moving to store passwords hashed with bcrypt. You can see progress on this feature here: https://github.com/HerculesWS/Hercules/issues/74 and here: https://github.com/HerculesWS/Hercules/compare/bcrypt
The "Stress" Part
Over 1.000 IndAI units (equivalent to +1k online players) will be in the server playing 24/7, farming, going to PvP, doing WoE, playing battlegrounds, doing anything a player does. This will create a perfect scenario for us to debug and test Hercules.
The Development Benefits
We'll be able to keep track of performance usage 24/7, making us able to detect whenever an update increases a server's usage, allowing us to further optimise said update in order to take the processing down.
With the AI characters doing stuff non-stop 24/7, we'll be able to identify and fix any existing crashes.
Hercules will gain a super stability boost thanks to this.
How to connect / Moving in and out
This is the fun part.
No new clients, and no sclient/clientinfo/blablabla edits will be required.
Get to the test server by typing '@hercules warp', test whatever you like, and go back to your server with '@hercules leave'.
This technology *might* also be employed in the future by us to create Hercules-hosted inter-server events.
Entirely Secure
The only data your server will pass to our test server upon warp is the name of the character (and maybe hairstyle vals). The test server is unable to modify (or even access) any data on your server. It is entirely secure and damage-free.
Unique to Hercules
The ability to connect through your ordinary client will be made possible by our custom server hosted over at herc.ws; the code won't be made public.
Coming
I felt inspired to write about this feature, which is why this announcement is out before the feature itself. This is one of the features to be powered by our Hercules Plugin Manager and will be made public once the HPM implementation reaches the level capable of sustaining it.
FAQ
What if I don't want my players to go to the test server?
@hercules is a command like any other; you can restrict access by groups.conf (by default only GMs will be able to use it).
What if I don't have a test server to use as a gateway to the Hercules stress test server?
We will also provide clients for those who don't have/want to use a server as the gateway.