[Freeciv-Dev] Re: authentication required (was: The guy from .algonet.se)

[Vasco Alexandre Da Silva Costa <vasc@xxxxxxxxxxxxxx>]

On Tue, 21 Mar 2000, Daniel Burrows wrote:

> On Tue, Mar 21, 2000 at 09:59:55AM +0100, Reinier Post was heard to say:
> > > > Well to be accurate, only one of the class C's they have for dailups was
> > > > blocked.  I have seen him on at least 3 class C's.  While I would like
> > > > to see him go away as much as the rest of you, I think we need a better,
> > > > real solution for this kind of thing.  Ideas?

A lot of good ideas were said here about this problem.  As a former MUD
administrator, i have some experience on the problems of nasty players
wreaking havok on a game... :(

In the end, the best solution to the problem is to use a range of methods
to solve it (the ideas to be implemented IMHO are marked with (*) ):

IP banning is good, there is alot of experience on MUDs of using
unique/network level IP banning and it usually works fairly well.  However
in the near future this measure will weaken more and more as even your TV
will probably have its own unique IP and dynamic IPs do their tricks. (*)

Using the player's unique cookie to ban him is useless, he can just erase
the configuration file and generate a new cookie.

Using email addresses is another protection used in MUDs, while curbersome
it can be circumvented.  (using hotmail.com, mail.pt and the other
hundreds of free email providers).  This is usually used to good effect as
long as there is someone to filter the bogus email addresses (the
ones from free email providers).

Why not just disallow the use of the /remove command? I personally find it
kinda useless.  Oh, yeah, the /disconnect command also. (*)

/quit and /save should only be allowed by the user which launched the
server (admin), '/save' can be used to lag the server (MUD players used to
do that) if you keep saving the game over and over.  This way, the game
should be autosaved with a unique ID/name, players can then continue the
game of that ID (this ID should of course be mentioned to all players).
The game is autosaved if you /quit while a game is in progress (*)

(is the /quit command allowed?)

There should be a unique directory to save games, players should not be
allowed to save games in any other directory. (*)
This is probably also already implemented.

Games not played for over 1 week (for example) should be erased from the
save directory. (*)

If we really want a safe way to "mark" one as admin: we could use RSA or
another public key based authentication method.

---
Vasco Alexandre da Silva Costa @ Instituto Superior Tecnico, Lisboa