Complete.Org: Mailing Lists: Archives: freeciv-dev: October 2002:
[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
Home

[Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: Freeciv-Dev <freeciv-dev@xxxxxxxxxxx>
Subject: [Freeciv-Dev] Re: connect dialog ver 3 (PR#1911)
From: Vasco Alexandre Da Silva Costa <vasc@xxxxxxxxxxxxxx>
Date: Thu, 24 Oct 2002 02:25:25 +0100 (WET DST)

On Wed, 23 Oct 2002, Jason Short wrote:

> Mike Kaufman wrote:
>
> > no, but the problem of the public servers is _not_ the problem. The real
> > problem is running a server from a client on your own box. You simply do
> > not want to give hack level access to anyone who did not actually have
> > permission to start the server. Playing games about where certain
> > connections can save savegames to is not a good solution. If I am the
> > client starting a server, then I damn well want the ability to save games
> > anywhere I please (within my own machines' permissions)...
>
> The server should not be able to save a game.  Only the client should be
> able to.  This is fundamentally more secure than relying on
> authentication or file permissions to prevent security holes.  And it is
> far more elegant.
>
> When the server tries to save a game, it generates the save data, then
> sends it to the client that requested the save.  The client can then
> save the file themselves.  Slow, but effective.
>
> The same system can be used for loading games via the 'load' command.

Yes. This should work nicely to solve that problem.

Please note here is a problem of player abuse of this feature. Some player
could deliberately make a bot that kept saving all the time to stall the
server. It is probably a good idea to only allow one save per turn per
player or something.

There still are some other hack commands we should think about how to make
suitable for general use though.

---
Vasco Alexandre da Silva Costa @ Instituto Superior Tecnico, Lisboa





[Prev in Thread] Current Thread [Next in Thread]