[Freeciv-Dev] Re: (PR#13262) pubserver-in-a-diff

["Jason Short" <jdorje@xxxxxxxxxxxxxxxxxxxxx>]

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=13262 >

Per I. Mathisen wrote:
> <URL: http://bugs.freeciv.org/Ticket/Display.html?id=13262 >
> 
> On Wed, 22 Jun 2005, Jason Short wrote:
> 
>>>+    /* If we load a game, some players may be assigned to user accounts,
>>>+     * in which case we should not start until they have joined too.
>>>+     * Otherwise it would be easy to cheat. This will be problematic
>>>+     * for scenarios where creators forget to reset usernames. */
>>>+    if (pplayer->is_ready && pplayer->is_connected) {
>>>+    num_ready++;
>>>+    } else if (pplayer->is_connected
>>>+               || is_valid_username(pplayer->username)) {
>>>+    num_unready++;
>>
>>Is this supposed to apply in non-pubserver mode too?
> 
> That was the general idea...

But in single-player mode that is too restrictive.

>>Perhaps the check should be changed so that all non-AI players must be
>>ready.Then if you have (in new games or loaded games) a created player
>>you must either wait for someone to connect to him or aitoggle him.And
>>this should apply in both modes.
> 
> Then all you need to do to cheat is to aitoggle your opponents and start
> the savegame... Very bad.

You shouldn't be allowed to aitoggle players in pregame in pubserver mode?

>>>+if (restricted_filepaths(caller)) {
>>>+  cmd_reply(CMD_SAVE, caller, C_FAIL,
>>>+            _("You cannot save games manually on this server."));
>>>+  return FALSE;
>>>+}
>>
>>This check doesn't look useful.Basically the only added effect is to
>>prevent admin saves on pubservers.Why not just restrict /save to hack
>>users?
> 
> It is in case someone finds a way to hack 'hack' level access. We do not
> want that to open up for a way to hack the system freeciv runs on, too.

OK.

-jason