[Freeciv-Dev] Re: authentication required (was: The guy from .algonet.se)

[Reinier Post <rp@xxxxxxxxxx>]

  Vasco,

> A lot of good ideas were said here about this problem.  As a former MUD
> administrator, i have some experience on the problems of nasty players
> wreaking havok on a game... :(

Hmm, that is useful.
 
> IP banning is good, there is alot of experience on MUDs of using
> unique/network level IP banning and it usually works fairly well.  However
> in the near future this measure will weaken more and more as even your TV
> will probably have its own unique IP and dynamic IPs do their tricks. (*)
> 
> Using the player's unique cookie to ban him is useless, he can just erase
> the configuration file and generate a new cookie.

Yes.  But What about IP banning and cookie-based ban *lifting*.  Of
course people can steal/copy cookies, but I don't think it will be a
problem in practice.

> Why not just disallow the use of the /remove command? I personally find it
> kinda useless.  Oh, yeah, the /disconnect command also. (*)

Sometimes, games on civserver.freeciv.org are blocked by people who just
forget to disconnect.  The /remove command is indispensable in getting rid
of them (if /cut actually works, we could use it but it doesn't seem to).

> /quit and /save should only be allowed by the user which launched the
> server (admin),

This is already the case (they are at 'hack' cmdlevel, which gives you
everything that is available on the server command prompt).

> '/save' can be used to lag the server (MUD players used to
> do that) if you keep saving the game over and over.

Not to mention that it can be used to destroy arbitrary files (those
that the user running civserver can write).

> This way, the game
> should be autosaved with a unique ID/name, players can then continue the
> game of that ID (this ID should of course be mentioned to all players).

Yes, the server should have a cookie too.  This could also be used to
automate the transition to a different host (which is no longer a big
problem in practice now that we have the gameservers).

> There should be a unique directory to save games, players should not be
> allowed to save games in any other directory. (*)

Good point.

> This is probably also already implemented.

The unique directory is implemented in the wrapper script used to run
the gameservers.

> Games not played for over 1 week (for example) should be erased from the
> save directory. (*)

Also implemented in a separate cleanup script.

It could be argued that many of the things these auxiliary tools do should
be in the civserver software itself, but I have given up proposing any
changes that affect other people's code, it's too difficult to get them
tested, debugged, and in a state where they are ready for CVS, so I use
wrappers instead.

> If we really want a safe way to "mark" one as admin: we could use RSA or
> another public key based authentication method.

Daniel Burrows's patch will allow this, I believe.

-- 
Reinier