Complete.Org: Mailing Lists: Archives: freeciv-dev: March 2000:
[Freeciv-Dev] authentication required (was: The guy from .algonet.se)
Home

[Freeciv-Dev] authentication required (was: The guy from .algonet.se)

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: freeciv-dev@xxxxxxxxxxx (Freeciv developers)
Subject: [Freeciv-Dev] authentication required (was: The guy from .algonet.se)
From: Reinier Post <rp@xxxxxxxxxx>
Date: Tue, 21 Mar 2000 09:59:55 +0100

> > Well to be accurate, only one of the class C's they have for dailups was
> > blocked.  I have seen him on at least 3 class C's.  While I would like
> > to see him go away as much as the rest of you, I think we need a better,
> > real solution for this kind of thing.  Ideas?

Daniel Burrows's patch!
 
>   Would it maybe help to give users accounts linked to email addresses?

I don't know.  Complicates the system without really solving the problem.

>   It might also help to prevent players from automatically getting command
> access to the server until they've played some number of games (although this
> idea needs some work for cases where, eg, several players who haven't
> played enough games all join the same server without any command-privileged
> players)

This is the idea of 'karma', used by IRC bots and on sites like
www.slashdot.org.  (Robert suggested we should look at www.advogato.org
for ideas.)  Every user gets a rating, which is affected by certain
actions, or by explicit updates by other players, and this rating
determines the user's privileges.  But I don't think we have nearly
enough Freeciv players to get such a system off the ground.

Wouldn't it be enough to recognise a user and give him (m/f) the
command level he had in the previous game?  The information can be
kept per server (.civserverrc) or in a central repository.

>   This obviously won't work right now, but the server and client could be
> modified to support (not require!) this sort of authentication in future
> versions, perhaps?..

Definitely!
 
>  (and yes, I'm afraid this probably qualifies as a subtle plug for the auth
>   patch..)

Yes, we need that.  With cookie-based authentication (with or without a
password) we can set up a blacklist system: IP ranges can be on the ban
list, individual users (as identified by their cookies, stored in
.civclientrc or a similar file) can be on the allow list, overriding
the IP-based ban.  The same system can be used to determine cmdlevels.

>   Daniel

-- 
Reinier



[Prev in Thread] Current Thread [Next in Thread]