Complete.Org: Mailing Lists: Archives: freeciv-dev: March 2000:
[Freeciv-Dev] Re: authentication required (was: The guy from .algonet.se 		Home

[Freeciv-Dev] Re: authentication required (was: The guy from .algonet.se

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: Reinier Post <rp@xxxxxxxxxx>
Cc: Freeciv developers <freeciv-dev@xxxxxxxxxxx>
Subject: [Freeciv-Dev] Re: authentication required (was: The guy from .algonet.se)
From: Daniel Burrows <Daniel_Burrows@xxxxxxxxx>
Date: Tue, 21 Mar 2000 09:08:57 -0500 
On Tue, Mar 21, 2000 at 09:59:55AM +0100, Reinier Post was heard to say:
> > > Well to be accurate, only one of the class C's they have for dailups was
> > > blocked.  I have seen him on at least 3 class C's.  While I would like
> > > to see him go away as much as the rest of you, I think we need a better,
> > > real solution for this kind of thing.  Ideas?
> 
> Daniel Burrows's patch!

  --note that I don't really have time to do more than fix bugs and keep
    up-to-date with CVS right now--

> >   Would it maybe help to give users accounts linked to email addresses?
> 
> I don't know.  Complicates the system without really solving the problem.

  Correct.  This was probably not so great an idea :)

> >   It might also help to prevent players from automatically getting command
> > access to the server until they've played some number of games (although 
> > this
> > idea needs some work for cases where, eg, several players who haven't
> > played enough games all join the same server without any command-privileged
> > players)
> 
> This is the idea of 'karma', used by IRC bots and on sites like
> www.slashdot.org.  (Robert suggested we should look at www.advogato.org
> for ideas.)  Every user gets a rating, which is affected by certain
> actions, or by explicit updates by other players, and this rating
> determines the user's privileges.  But I don't think we have nearly
> enough Freeciv players to get such a system off the ground.

  Hmm.  Yeah.

> Wouldn't it be enough to recognise a user and give him (m/f) the
> command level he had in the previous game?  The information can be
> kept per server (.civserverrc) or in a central repository.

  I think there should also be a minimum # of complete games to play before
getting automatic command access (although this has its own problems, such
as people faking games by having all the other players give up immediately..)
Some sort of waiting period, anyway; if a user can get a new privileged account
immediately it'll be too easy to abuse the system (if nothing else, just
don't grant privileges until a certain amount of real time -- say, a week --
has passed.. (you could of course create lots of accounts at once, but this
falls into the category of "very determined", which I don't think we can
do much about)
  It's definitely a tricky problem; I'm not sure any of the methods I just
suggested in the above paragraph are effective. :-\

> >  (and yes, I'm afraid this probably qualifies as a subtle plug for the auth
> >   patch..)
> 
> Yes, we need that.  With cookie-based authentication (with or without a
> password) we can set up a blacklist system: IP ranges can be on the ban
> list, individual users (as identified by their cookies, stored in
> .civclientrc or a similar file) can be on the allow list, overriding
> the IP-based ban.  The same system can be used to determine cmdlevels.

  I like that idea :)  You could also use it to store meta-information about
players (eg, track ratings (not karma ratings, but relative abilities, like
chess; eg, I would be about 800 :) ))

  Daniel

-- 
Imagine if every Thursday your shoes exploded if you tied them the usual
way.  This happens to us all the time with computers, and nobody thinks of
complaining.
                -- Jeff Raskin
[Prev in Thread] Current Thread [Next in Thread]