Complete.Org: Mailing Lists: Archives: freeciv-dev: August 1999:
Re: [Freeciv-Dev] cmdlevel: sticky and moved out of connection into pl
Home

Re: [Freeciv-Dev] cmdlevel: sticky and moved out of connection into pl

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: David Pfitzner <dwp@xxxxxxxxxxxxxx>
Cc: "freeciv-dev@xxxxxxxxxxx" <freeciv-dev@xxxxxxxxxxx>
Subject: Re: [Freeciv-Dev] cmdlevel: sticky and moved out of connection into player structure
From: Gary Moyer <garymoyer@xxxxxxxx>
Date: Mon, 23 Aug 1999 22:12:24 -0700

> Yes, this is exactly the reason for the current implementation.
> The server operator may give an enhanced commandlevel to some
> trusted person (maybe themself :-)  but on reload or reconnection
> anyone (maybe untrusted) could connect as that player.  (Which may
> have ramifications beyond the game, in terms of system security.)

That makes perfect sense.

> An enhancement which was planned, but not yet implemented, was
> to have some sort of cookie system to allow recognising previous
> users on reconnection.

A cookie would require that you login from the same machine, correct?  I don't
think that would suffice.

What about a simple password scheme using salt2 encrypted locally?  This would
fix a number of issues and prevent simple snooping attacks.  Each players
password could be stored (encrypted) in the game file.

Any thoughts?

-- Gary



[Prev in Thread] Current Thread [Next in Thread]