Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2005:
[Freeciv-Dev] Re: (PR#11851) Hack request should verify userid in additi 		Home

[Freeciv-Dev] Re: (PR#11851) Hack request should verify userid in additi

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: edoverton@xxxxxxxxxx
Subject: [Freeciv-Dev] Re: (PR#11851) Hack request should verify userid in addition to random string
From: "Vasco Alexandre da Silva Costa" <vasc@xxxxxxxxxxxxxx>
Date: Tue, 11 Jan 2005 05:40:59 -0800
Reply-to: bugs@xxxxxxxxxxx 
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >

On Mon, 10 Jan 2005, Ed Overton wrote:

> <URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >
>
> I think the Application Data change is good, too.  I'm new here and
> don't know protocol - should that be split into a separate ticket?  If
> not, should the patch be separate from the other work in this ticket?  I
> haven't got my build environment quite right yet for the win32 client,
> so there's likely someone better able to work / test that one.

Yes, it would be a good idea to split this into a different patch, since
it is a different issue.

> > The environment variable option seems *very* interesting and we didn't
> > remember of that before IIRC. It would be worthwhile to pursue that.
>
> > Just use the current code for generating the key. Don't worry about
> > encryption for now. Currently Freeciv doesn't use encryption for
> > anything, even when the client sends a user password, so...
>
> I'll take a crack at it in the next day or two.  My intent is to add the
> environment variable check to the existing filesystem check.

Oh, I would go even further than that and replace the filesystem check
altogether.

---
Vasco Alexandre da Silva Costa @ Instituto Superior Tecnico, Lisboa
[Prev in Thread] Current Thread [Next in Thread]