[Freeciv-Dev] Re: client/server authentication (PR#1767)
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Wed, Jul 24, 2002 at 10:27:42AM -0500, Mike Kaufman wrote:
> On Wed, Jul 24, 2002 at 05:03:41PM +0200, Raimar Falke wrote:
> >
> > Per? Any comments from you?
>
> Yes, per, like to hear from you.
>
> > Reading the code:
> > - AUTH_VERIFY_BAD packets should empty packets
>
> I disagree. There's no point in adding an additional packet just for
> this.
The idea was to remove this enum altogether. We have server->client:
bad-passwd and please-send-passwd. client->server: create-new-user and
my-passwd.
IMHO we should remove please-send-passwd and merge my-passwd into
PACKET_REQUEST_JOIN_GAME.
> > - AUTH_VERIFY_NEW is useless since the client GUI can check for
> > correct double input
>
> Interesting. Good idea. server doesn't have to know.
>
> > - a lot of minor objections:
> > - "guest" should not be hardcoded
>
> yes it absolutely should. There _must_ be a way for the server to
> understand that a connection doesn't want to authenticate itself. We're
> trying to get _away_ from the idea that you need a certain login name
> (or username for you) to play a certain player. that's what 'take',
> 'join' and autoassociate is for.
I wasn't clear.
$ grep guest authentication.diff
+ _("Couldn't create the database entry, accepting as 'guest'."));
+ sz_strlcpy(pconn->login, "guest");
+ if (strcasecmp(req->name, "guest") != 0) {
+ sz_strlcpy(pconn->login, "guest");
+ } else if (mystrncasecmp(req->name, "guest", 5) == 0) {
+ if (mystrcasecmp(pconn->login, "guest") == 0) {
there should be a
bool is_guest_name(char *)
or
char *get_guest_name()
> > - create_database_entry should be user_db_create and so on
>
> uh, why?
> I'm certainly willing to entertain name changes (all over the place),
> but I'd like some rationale.
[ This may start another long discussion ]. IMHO we should go for the
<object>_<action> type of name in the long run. I'm already use this
in my code (last one was the foobar(s)_free change). Also database is
to general. There may for example a game database in the future.
> > - you should update the comments for game.*_connections
>
> they're actually correct now. They weren't before.
Then I would like to see the definitions you gave in the previous mail
in the code. And a state diagram my also be nice (not sure if this is
required).
> > What is the distinction between username and login?
>
> there is no distinction. (except that it should not be confused with a
> the answer to `whoami`). The use of "login" however, makes it very clear
> what the field is used for.
> I consider "username" deprecated.
I agree. Than let us remove player->username.
Raimar
--
email: rf13@xxxxxxxxxxxxxxxxx
"Sit, disk, sit. Good boy. Now spin up. Very good. Here's a netscape
cookie for you. Fetch me some data. Come on, you can do it. No, not that
data. Bad disk. Bad."
-- Calle Dybedahl, alt.sysadmin.recovery
|
|
