Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2005:
[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition t 		Home

[Freeciv-Dev] (PR#11851) Hack request should verify userid in addition t

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: edoverton@xxxxxxxxxx
Subject: [Freeciv-Dev] (PR#11851) Hack request should verify userid in addition to random string
From: "Reinier Post" <rp@xxxxxxxxxx>
Date: Tue, 24 May 2005 09:57:12 -0700
Reply-to: bugs@xxxxxxxxxxx 
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11851 >

See also

  http://forum.freeciv.org/viewtopic.php?p=6069#6069

My question: it seems a lot cleaner and more secure to do away
with all the special code and instead just let the client write
a temporary startup file containing the /cmdlevel hack command,
then make it invoke the server as

  civserver -r mygenerated.rc

That would be doing things "the Unix way".
As far as I can see, all the hackery can go.

You don't need to implement any additional authorization checks.
The only thing that needs to be checked is if the special startup
file is written correctly.  You don't even need to do that if it comes
with the distribution (but then it may be edited, causing things to fail).

Let me know if there's something I'm missing.
[Prev in Thread] Current Thread [Next in Thread]