[Freeciv-Dev] Re: client/server authentication (PR#1767)
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Wed, Jul 24, 2002 at 05:03:41PM +0200, Raimar Falke wrote:
>
> Per? Any comments from you?
Yes, per, like to hear from you.
> Reading the code:
> - AUTH_VERIFY_BAD packets should empty packets
I disagree. There's no point in adding an additional packet just for
this.
> - AUTH_VERIFY_NEW is useless since the client GUI can check for
> correct double input
Interesting. Good idea. server doesn't have to know.
> - a lot of minor objections:
> - "guest" should not be hardcoded
yes it absolutely should. There _must_ be a way for the server to
understand that a connection doesn't want to authenticate itself. We're
trying to get _away_ from the idea that you need a certain login name
(or username for you) to play a certain player. that's what 'take',
'join' and autoassociate is for.
how would you do this?
BTW: note that when you're playing "at home" on a non-authenicating
server, any login is acceptable.
> - create_database_entry should be user_db_create and so on
uh, why?
I'm certainly willing to entertain name changes (all over the place),
but I'd like some rationale.
> - use fopen instead of open
sure. I just pulled this from somewhere else.
> - double in comment of notify_player_ex
easily fixed.
> - you should update the comments for game.*_connections
they're actually correct now. They weren't before.
> - ...
??
>
> What is the distinction between username and login?
there is no distinction. (except that it should not be confused with a
the answer to `whoami`). The use of "login" however, makes it very clear
what the field is used for. I consider "username" deprecated.
-mike
|
|
