[Freeciv-Dev] Re: client/server authentication (PR#1767)

["Raimar Falke" <rf13@xxxxxxxxxxxxxxxxx>]

On Thu, May 08, 2003 at 12:22:17PM -0700, ChrisK@xxxxxxxx wrote:
> On Thu, May 08, 2003 at 11:36:39AM -0700, Raimar Falke wrote:
> > On Thu, May 08, 2003 at 08:53:19AM -0700, Mike Kaufman wrote:
> > > On Thu, May 08, 2003 at 03:31:28AM -0700, Raimar Falke wrote:
> > > > For "-a" and also some other cases the user should _be able_ to save
> > > > his password in his freecivrc and the client should read it from this
> > > > location. The client shouldn't save it there. At least not without
> > > > asking the user.
> > > > 
> > > > The extra step where you type your password should be removed.
> > > 
> > > As chris mentioned, I would be willing to go for a --password option, 
> > > which
> > > if it is used, will skip the password input step and send that password to
> > > the server. 
> > 
> > Command line options are bad since they can be viewed by the other
> > users of the system. ps shows this.
> 
> Yes. But saving a password in clear text in a script or rc file is also
> silly. Mark is not concerned about security on his machine (whatever this
> means) but about the hassle to enter the password.

IMHO a password in a non-rc file is a good compromise between security
and convenience.

        Raimar

-- 
 email: rf13@xxxxxxxxxxxxxxxxx
 "Your mail could not be delivered to the following Address:
  VTCMC.VTLPR@xxxxxxxxxxxxx        ** Unassigned error message **"