Re: [Freeciv-Dev] cmdlevel: sticky and moved out of connection into pla
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Artur Biesiadowski wrote:
> Gary Moyer wrote:
> >
> > This is a follow-up concerning cmdlevel.
> >
> > I looked at the code and realized this flag is not a member of the
> > player structure but rather of the connection structure.
> >
> > I believe this should option should be sticky and should be saved in the
> > game file. This makes sense when one of the players is administrating
> > the game does not have access to the game console (i.e. civserver).
>
> Remember that in case of disconnection, anybody can connect to that
> player and thus get all privilages. I'm not sure if it is important,
> just the thing to consider.
Yes, this is exactly the reason for the current implementation.
The server operator may give an enhanced commandlevel to some
trusted person (maybe themself :-) but on reload or reconnection
anyone (maybe untrusted) could connect as that player. (Which may
have ramifications beyond the game, in terms of system security.)
An enhancement which was planned, but not yet implemented, was
to have some sort of cookie system to allow recognising previous
users on reconnection.
Regards,
-- David
|
|
