[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
To: Freeciv-Dev <freeciv-dev@xxxxxxxxxxx>
Subject: [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
From: "Per I. Mathisen" <per@xxxxxxxxxxx>
Date: Wed, 23 Oct 2002 10:22:25 +0000 (GMT)

On Wed, 23 Oct 2002, Reinier Post wrote:
> > This means changing "save" and "load" so that they cannot overwrite
> > anything useful on the system. This should be relatively simple - restrict
> > them to a directory of their own, and check that any files to be loaded or
> > overwritten are also freeciv savefiles. Note that this change will also be
> > necessary if load and save is ever to be implemented on civserver. The
> > same goes for loading rulesets.
>
> It requires more scrutiny to do this right. A well known security hole
> is to allow files to be used from publicly writeable directories like
> /tmp, where people can place symlinks.

I did write "a directory of their own". That, and as long as the filename
is restricted to the set [a-z,A-Z,0-9,'-'], then security should be
foolproof by design.

> What is wrong with turning all commands to /set commands (e.g. /start
> would be an alias for /set gamestatus running) and turning the
> "server options" dialog into a bunch of editable settings?

That may not be a bad idea.

> > It is my hope that eventually any UI for the server will be unnecessary,
> > and that using its commandline will be an option used only for debugging.
>
> How do you mean? The game settings have to be determined by the users.

Yes, but from the client.

  - Per


