[Freeciv-Dev] Re: client/server authentication (PR#1767)

["Per I. Mathisen" <per@xxxxxxxxxxx>]

On Tue, 25 Mar 2003, Mike Kaufman wrote:
> > I think that a player with a username should be reserved for this user,
> > for example by having a password that only the server and that user's
> > client knows. Then there should be a way for the cmdlevel ctrl user to
> > make a player unassigned.
>
> I don't understand. you want to have a ctrl user be able to pick a login
> name out of the database and assign it to an AI player? That's
> unacceptable. A user should never have access to the database on that kind
> of level for one. A command that prevents players from automatically taking
> would suffice with much less fuss.

You got it backwards. I want a ctrl user be able to remove a login name
from an AI player so that it is apparent that this player is not in use by
anyone and can be "/taken" by any stray freeciver who is looking for some
instant gratification.

Eventually players should be protected so that only the original client
connection can reconnect to it unless unreserved as described above.

> > Global observation is much used on pubserver, AFAICT. It is a very nice
> > feature, both for players and for debugging. Please provide arguments why
> > this feature should not be present.
>
> 1. there's huge potential for abuse.
> 2. there's huge potential for abuse.
> 3. there's huge potential for abuse.
>
> nothing has to be decided about this now as current behavior is maintained,
> but there needs to be safeguards put into place.

This potential for abuse is stopped by the ctrl user (who can do any
amount of abuse with his ctrl priviledge anyway):

User7-potential-cheater: Can I watch the game?
User2-with-CTRL: No.
User7-potential-cheater quits the game.

If we have voting implemented it gets even better:

User7-potential-cheater starts vote for "globalobserver User7".
Vote for "globalobserver User7" failed to achieve consesus.
User7-potential-cheater quits the game.

  - Per