Would it make sense to encrypt the connection between the client and the
server? I'm particularly concerned about the sending of passwords in
plaintext, as they're probably the same as other user passwords in most
It would be fairly simple to wrap the server side with stunnel, but
without built-in client support, this wouldn't do any good.
I've never used openssl or similar libraries, but that would seem like
the right approach. I doubt that the added overhead would cause latency
or cpu load issues.
crossfire mailing list