[Readme] Secure and protect your server

[Spirited]

Reasoning
Most donation scam servers use software from 2008 and log passwords in plain text. If you're a server owner and actually care about your players, then update your software and secure your server. This is a small guide on how to do that, and how not to be immediately labeled as a "garbage server with an owner who has no idea what they're doing".

Software
Update your damn software. AppServ from over a decade ago is not secure. A decade old pirated version of Navicat is not how people connect to MySQL. Here is a list of supported and frequently updated downloads for common software required by servers:

• : A more secure drop-in replacement for MySQL. Or just use MySQL.
• : Stop using MySQL 5.0.51 Beta from AppServ.
• : Stop using a decade old pirated version of Navicat.
• : Stop using Apache 2.2.8 from AppServ ().
• : Stop using PHP 5.2.6 from AppServ (and ideally stop using PHP).
• : Stop using Visual Studio 2010 Express for C# ().
• : A maintained packaged all-in-one solution if you must have one.

Account Security
Stop saving your players passwords in plain text. Stop returning their passwords to them via emails. It's scummy and shady as all hell. Want to protect your players? Hash their passwords. Hashes are one-direction, meaning you cannot get passwords back from a hash. Use a secure hash algorithm such as SHA-256 (). If you really want to protect players from things like dictionary attacks, use a salt (random string appended to the password before hashing). Did someone forget their password? Then send them a token to reset it. Don't send them their bloody password... geezus.

Protect your website
is free, and helps protect your website from a wide range of attacks. You can encrypt connections to your website using SSL for free, create a firewall, auto-minify JavaScript, CSS, and HTML, cache your website to reduce load, etc. Sign up and follow their step-by-step guide for setting up your account there.

Also, protect yourself: when you buy a new domain for your website, purchase "Whois Privacy". If you don't purchase that, then literally anybody can look up your full name, address, phone number, email address, etc. using a website like . Also, make sure your website's domain is non-transferable after you're done setting up your host.

What's the risk?
Don't want to update your software? Here's the risk:

• 
• 
• 
• 

But also, you risk looking like an idiot.
Have fun, and be safe about it.

[KraHen]

Pinned.

[Spirited]

Quote:

Originally Posted by KraHen

Pinned.

Thank you!

[LepEatWorld]

I currently use the latest updated version of Navicat Premium and I do not intend to use any outdated nor cracked versions. I'm just so used to Navicat, would you still recommend MySQL Workbench over it?

[Spirited]

Quote:

Originally Posted by LepEatWorld

I currently use the latest updated version of Navicat Premium and I do not intend to use any outdated nor cracked versions. I'm just so used to Navicat, would you still recommend MySQL Workbench over it?

Considering that MySQL Workbench is official and free-to-use, and Navicat is third-party and paid, I'd recommend MySQL Workbench. Navicat is a nice tool, but its only winning merit is that it can connect to other providers. For Conquer Online, I don't see any purpose in paying for/pirating a query editor. Is there a downside to using the most recent version of Navicat? Probably not? It just has the risk of being third-party. At the end of the day, if that's what you're comfortable with, then that's okay.

[turk55]

[Yupmoh]

HeidiSQL is another great tool to use if you want to replace Navicat.

[lostsolder05]

Quote:

Originally Posted by Execution!

HeidiSQL is another great tool to use if you want to replace Navicat.

I can second that.

[KraHen]

I'd honestly just use phpMyAdmin and/or command line SQL.

Oh, also :

[martoon]

Thank you Spirited for the encouragement.

[MiMoNeL]

Thanks.

[CipherXS]

Thanks Spirited!