[Freeciv-Dev] Re: client/server authentication (PR#1767)

["Paul Zastoupil" <paul@xxxxxxxxxxxxx>]

On Mon, May 05, 2003 at 11:56:09AM -0700, Mike Kaufman wrote:
> On Mon, May 05, 2003 at 11:39:13AM -0700, Paul Zastoupil wrote:
> > 
> > Once again, I know I'm late in this discussion and this may not even be
> > relevant, but for that I blame Petr.
> > 
> > I was thinking for pubserver.freeciv.org we would have people register
> > through a webpage.  I would really like to have an email on file.
> 
> this is perfectly fine as an addition. the servers are going to do a 
> lookup on a central database, so it doesn't really matter how exactly
> the user entries get into the database. I disagree on completely removing 
> insert code from the server. It might be warranted for a server to
> be able to disallow new logins though.

Yes, of course.  I didn't mean remove it from the code, but I would like
to disable it.

> 
> > Actually, what I was really thinking was to set up a whole different
> > server for authenticated games.  So pubserver would remain more or less
> > public for people to play wide open games with weird settings etc.  I
> > have another server we could use as "authserver".  I would like to lock
> > down the server quite a bit more.
> 
> I'm wondering what this would accomplish? Any joe off the street can log in
> and create a new account, and if they don't want to do that, they could log
> in as a guest and avoid the authenticating procedure altogether. And
> besides this, one of the motivating factors here was stopping people from
> stealing players. If you want to have a more restrictive server, you could
> remove the ability for people to login as guests.

Well, hopefully the "authserver" would be a fairly strict server in what
it allowed:  No guests, special rules about AIs, restricted server
settings etc.  It would have a more tournament atmosphere.  Then we
could leave pubserver much the way it is now.

-- 
Paul Zastoupil