Announcement

Collapse
No announcement yet.

Any way to put passwords on the FreeCiv server?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Any way to put passwords on the FreeCiv server?

    I want to set up a FreeCiv server that will stay running for several days/weeks to play a long-term game (like a 24-hour turn timeout). The idea is that players would not be required to remain connected. They would log in, perform their turns, and log back out.

    I have version 1.12.6 (beta). Version 1.13 seems to be the same: Whenever a client connects to the server they may use whatever name they wish, and so they could therefore use another player's name and sneak a peek at their empire. I expect the players to be trustworthy, but to ensure honesty I would like the server to require a password at login. Is there any way to do this with FreeCiv? Or do I just have to rely on the honor system?
    Tags: None
  • #2
    There has been talk on the freeciv-dev list about adding in authentication code to the civserver, but nothing has come of it at last check. It would be possible to do a quick and dirty password protection system, but the developers would prefer to have a password system that is well designed and secure.
    Andy Black

    Comment

    • #3
      That's good to know!
      If I get desperate in the meantime I guess I could ... hmmm ... attempt to kludge my own code. (heaven help us)

      Comment

      • #4
        Yes, some kind of player authentication is planned for the next release. What it will look like is still being discussed. Ideas welcome.

        Comment

        • #5
          It could be as simple as adding a password to the Connect box. If the user is new, the server could record the password (possibly requiring the user to reenter the password to verify). If the user is returning, the server could compare to the stored password.

          I would prefer to keep it as simple as possible, and not require the user to establish public/private keys. Remember that 90% of the users will not be security savvy.

          As a compromise, the plaintext password could be passed just once when the player is first created, and then something like the CHAP protocol could work for subsequent connections.

          I would prefer to see weak security sooner than wait a long time for a highly secure system. This ain't a matter of national security.

          Comment

          • #6
            We also wish to use authentication for the ranking list (used on civserver.freeciv.org), as currently security there is based on the honour system, which works well only up to a point. That makes it a bit more complicated.

            Comment

            • #7
              Basic Auth System.

              I once saw someone who implented a basic authentication system for free civ, although not 100% secure , its prefect for what you want to do.

              Make the users login as "Username:Password" then make sure the :Password part doesnt show up anywhere in the others users screens.

              The users still have to reconnect using there full usernameassword name, but noone knows what the full name is since you filtered that out.

              This should be a really simple change to the server source code.
              You only have to change how the user name shows in the server/client programs.

              Quazion.

              Comment

              • #8
                Simple, yet effective short term solution

                Something like this would probably hold off 90% of the cheaters.
                Skeptics should forego any thought of convincing the unconvinced that we hold the torch of truth illuminating the darkness. A more modest, realistic, and achievable goal is to encourage the idea that one may be mistaken. Doubt is humbling and constructive; it leads to rational thought in weighing alternatives and fully reexamining options, and it opens unlimited vistas.

                Elie A. Shneour Skeptical Inquirer

                Comment

                Previous template Next
                Working...
                X