[Freeciv-Dev] Re: client/server authentication (PR#1767)

["Raimar Falke" <rf13@xxxxxxxxxxxxxxxxx>]

On Thu, May 08, 2003 at 02:57:44PM -0700, Mark Metson wrote:
> 
> 
> On Thu, 8 May 2003, ChrisK@xxxxxxxx wrote:
> 
> > Yes. But saving a password in clear text in a script or rc file is also
> > silly. Mark is not concerned about security on his machine (whatever this
> > means) but about the hassle to enter the password.
> 
> What it means is if someone physically gets at my keyboard I have plenty 
> more things to worry about than that they might mess with my FreeCiv game. 
> Same with lots of people. Some folk maybe even have their E-Currency 
> account usernames and passwords stashed in their browser. The assumption 
> is that if someone gets onto your machine as you you're screwed. For 
> example they could read your notes files in which you stash all kinds of 
> valuable passwords.

I agree.

> I'll concede that if you happen to be the kind of weirdo that sometimes 
> lets others telnet/shh to your machine you might worry about ps/top 
> showing your commandlines. So a way to keep the password from showing up 
> there would be fine. I already posted a couple of ideas around that.

It doesn't need to be a weirdo. There are reasons that give a friend
an account on your computer. There is also the case that you work on a
real multiuser environment (university for example) and you don't want
your data leaked to other users. In this case however you have to
trust the admin that he is professional and doesn't look in your
freeciv-passwd file.

        Raimar

-- 
 email: rf13@xxxxxxxxxxxxxxxxx
 "The Internet is really just a series of bottlenecks 
  joined by high speed networks."
    -- Sam Wilson