(privacy concerns and backups) |
(possible solution to privacy issues) |
||
| Line 21: | Line 21: | ||
== Privacy Concerns == | == Privacy Concerns == | ||
Quiche_on_a_leach pointed out the privacy issues of this hosting transfer in [http://forums.themanaworld.org/viewtopic.php?f=12&t=6709 this forum thread]. The account&passwords file of eAthena has passwords in clear text, for example. | Quiche_on_a_leach pointed out the privacy issues of this hosting transfer in [http://forums.themanaworld.org/viewtopic.php?f=12&t=6709 this forum thread]. The account&passwords file of eAthena has passwords in clear text, for example. | ||
=== Anonymizing the password list === | |||
A possible solution would be to use a script to convert all passwords in the database to their SHA hashes and then pass the file to the new hoster. Then we could either provide a web-based applet where every user can provide his old password to reset the password of the account or we could add the SHA password encryption to eAthena. The latter solution would be easier for the user and also improve the users privacy in the long run. | |||
== Backups == | == Backups == | ||
To decrease vulnerability to the sudden loss of one hoster I would recommend that daily updates of every hosted service are stored on the other servers when possible. That way it should be easy to transfer a service temporarily to another hoster without complete loss of data (just remember the time when the forum and the wiki went down and noone knew what happened or if there were any backups). | To decrease vulnerability to the sudden loss of one hoster I would recommend that daily updates of every hosted service are stored on the other servers when possible. That way it should be easy to transfer a service temporarily to another hoster without complete loss of data (just remember the time when the forum and the wiki went down and noone knew what happened or if there were any backups). | ||
Revision as of 15:08, 6 May 2009
The Mana World is a large project, and requires several hosting services. From Jan 2006 (not exactly sure) until May 2009, mostly everything was hosted on platinum, provided by Platyna. Since then, she has decided that she no longer wanted to host us. We are now planning on moving services to other hosts. A possible distribution would be as follows:
www.themanaworld.org b_lindeijer forums.themanaworld.org (phpBB3) trapdoor wiki.themanaworld.org (MediaWiki) trapdoor mantis.themanaworld.org (Mantis) trapdoor server.themanaworld.org (eAthena) AnonDuck testing.themanaworld.org (eAthena) AnonDuck updates.themanaworld.org (update host) AnonDuck Git repositories gitorious.org
The idea of spreading things out is to avoid any single point of failure. I intend to host the main website at nearlyfreespeech.net, for maximum uptime. trapdoor has a fast dedicated server that should work fine for the forums, wiki and bug tracker. AnonDuck provides a Xen-based virtual machine that we can configure for running eAthena (and probably tmwserv too), which is relatively easy to move when necessary.
In the future we will probably also set up tmwweb on AnonDuck's host.
Comments welcome. --Bjørn 12:16, 6 May 2009 (UTC)
Privacy Concerns
Quiche_on_a_leach pointed out the privacy issues of this hosting transfer in this forum thread. The account&passwords file of eAthena has passwords in clear text, for example.
Anonymizing the password list
A possible solution would be to use a script to convert all passwords in the database to their SHA hashes and then pass the file to the new hoster. Then we could either provide a web-based applet where every user can provide his old password to reset the password of the account or we could add the SHA password encryption to eAthena. The latter solution would be easier for the user and also improve the users privacy in the long run.
Backups
To decrease vulnerability to the sudden loss of one hoster I would recommend that daily updates of every hosted service are stored on the other servers when possible. That way it should be easy to transfer a service temporarily to another hoster without complete loss of data (just remember the time when the forum and the wiki went down and noone knew what happened or if there were any backups).
