[Freeciv-Dev] Re: Suggestion: libcivserver
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Wed, Feb 23, 2000 at 08:03:30PM -0500, Daniel Burrows wrote:
<snip a bunch of interesting thoughts>
> One other thought (I have too many thoughts :) ) -- is it possible that
> civserver could use a more secure method to handle certain connections, in
> particular privileged connections from the person who started the server (so
> that random people off the 'net can't connect to the server as you if your
> frontend dies) I'm wondering in particular if creating a socket in the UNIX
> filesystem domain, in a 0700 directory (~/.freeciv/sockets?), and requiring
> that particular player to reconnect on the secure socket would be sufficient;
> as I understand things, this should be kept secure by filesystem permissions
> (as secure as the filesystem is anyway, and if you lose that you're in
> deeper trouble than civserver can get you into :) )
What we really need here is a client identification. We have talked about
this before but as you can see no code has backed it up. (I am formost
to blame, I have championed this and produced no code.) The person
"controling" the civserver should not need to have a login on the machine
where it is running. Lets not limit ourselves. If we could generate a
key and store that in the .freecivrc file for the client it could then
be used to identify the client.
Down the road we could allow people to register their client id and use
that for a ranking system, but one step at a time :)
--
Paul Zastoupil
|
|