Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2003:
[Freeciv-Dev] Re: client/server authentication (PR#1767)

[Freeciv-Dev] Re: client/server authentication (PR#1767)

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	kaufman@xxxxxxxxxxxxxxxxxxxxxx
Subject:	[Freeciv-Dev] Re: client/server authentication (PR#1767)
From:	"Paul Zastoupil" <paul@xxxxxxxxxxxxx>
Date:	Mon, 5 May 2003 11:39:13 -0700
Reply-to:	rt@xxxxxxxxxxxxxx

On Mon, May 05, 2003 at 11:31:45AM -0700, Raimar Falke wrote:
> On Mon, May 05, 2003 at 07:43:04AM -0700, Mike Kaufman wrote:
> > > When the user enters an empty password, she is asked to confirm it instead
> > > of being rejected. The confirm step should be skipped in this case IMHO.
> > 
> > hmm, this is Raimar's fault [mainly] since he wanted password confirmation
> > in the client rather than the server, and I don't think I want to fix this
> > since I agree with him. Only the server knows that a blank password is
> > illegal. On some servers, this might not be the case. We don't want to put
> > this information in the client.
> 
> I agree this isn't an easy problem. We currently don't test the user
> name and the city name at the client. We currently test the leader
> name at the client. For testing at the server speaks a better
> interface because you usually destroy the dialogs after you sent the
> packet and don't wait for the results. That the client has more
> knowledge than it needs to be is a reason against testing at the
> client.
> 
> I think we agree that the server has the rule over the decision if a
> certain input (name or password) is allowed or not. I think we also
> agree that even if the client does checks the client needs to be able
> to cope with a rejection of the server. (I'm not sure if this is the
> case for the nation selection dialog.)
> 
> I think that we should use is_sane_name (which is a very basic check)
> for user-name, city-name and also the password.

Once again, I know I'm late in this discussion and this may not even be
relevant, but for that I blame Petr.

I was thinking for pubserver.freeciv.org we would have people register
through a webpage.  I would really like to have an email on file.

Actually, what I was really thinking was to set up a whole different
server for authenticated games.  So pubserver would remain more or less
public for people to play wide open games with weird settings etc.  I
have another server we could use as "authserver".  I would like to lock
down the server quite a bit more.

Blah blah, I'm rambling, but I wanted to get these ideas out in the
community before I forget them, I'm working on very little sleep here ;)

-- 
Paul Zastoupil

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] Re: client/server authentication (PR#1767), (continued)
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Mark Metson, 2003/05/08
  - Message not available
    - [Freeciv-Dev] Re: client/server authentication (PR#1767), ChrisK@xxxxxxxx, 2003/05/08
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Mark Metson, 2003/05/08
- [Freeciv-Dev] Re: client/server authentication (PR#1767), Mark Metson, 2003/05/08

Prev by Date: [Freeciv-Dev] Re: client/server authentication (PR#1767)
Next by Date: [Freeciv-Dev] Re: What we can learn from MOO3
Previous by thread: [Freeciv-Dev] Re: client/server authentication (PR#1767)
Next by thread: [Freeciv-Dev] Re: client/server authentication (PR#1767)
Index(es):
- Date
- Thread