Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2003:
[Freeciv-Dev] Re: new connect dialog (ver 4) (PR#1911) 		Home

[Freeciv-Dev] Re: new connect dialog (ver 4) (PR#1911)

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: kaufman@xxxxxxxxxxxxxxxxxxxxxx
Cc: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: new connect dialog (ver 4) (PR#1911)
From: "ChrisK@xxxxxxxx via RT" <rt@xxxxxxxxxxxxxx>
Date: Sun, 19 Jan 2003 06:24:38 -0800
Reply-to: rt@xxxxxxxxxxxxxx 
On Sat, Jan 18, 2003 at 04:02:28PM -0800, Mike Kaufman via RT wrote:
> 
> To allay security concerns, this 
> is what happens: the server, when allowing the client to join_game, sends a 
> filename 
> that it can write to to the client in the packet_join_game_reply packet. The 
> client 
> then writes a random number to this file and sends the number back to the 
> server. The 
> server compares the number it got with the one in the file. If they match, it 
> give 
> the client's connection hack. It then deletes the file.  (If anybody thinks
> this isn't enough, speak up). 

Why isn't it sufficient to bind the server only to the loopback interface,
e.g. with the recently posted freeciv-bindip-patch?

Christian

-- 
Christian Knoke     * * *      http://www.enter.de/~c.knoke/
* * * * * * * * *  Ceterum censeo Microsoft esse dividendum.
[Prev in Thread] Current Thread [Next in Thread]