

Security problem in server?


  • Security problem in server?

    I'm not sure, but it seems like the Freeciv server (or a player's account) can be compromised very easily. Since I found no authentication method for a player other than the username (which is often displayed in the chat/log), somebody can use another player's account simply by logging in with his username after he has gone offline (e.g. when the player had connection problems).

    Is it really so easy to take over somebody else's account, or are there any security mechanisms like password protection that I have not found yet?

    Thanks for the help!

  • #2
    I believe authentication is still in the works. When it is set up, it will be cool, but until then, don't play against people you can't trust.
    American by birth, smarter than the average tropical fruit by the grace of Me. -me
    I try not to break the rules but merely to test their elasticity. -- Bill Veeck | Don't listen to the Linux Satanist, people. - St. Leo | If patching security holes was the top priority of any of us (no matter the OS), we'd do nothing else. - Me, in a tired and accidental attempt to draw fire from all three sides.
    Posted with Mozilla Firebird running under Sawfish on a Slackware Linux install.:p


    • #3
      This sounds really bad. Is there at least an option to suppress displaying of the login-username? If nobody knows it and if it is complicated enough, it would be a (poor) replacement for real authentication. Or do I have to modify the server so that these names aren't displayed any longer?


      • #4
        The current pubserver has lots of flaws in this regard. It basically relies upon an honour system. As geeslaka said, real and secure authentication is in the works.

