<URL: http://bugs.freeciv.org/Ticket/Display.html?id=39957 >
William Allen Simpson wrote: > <URL: http://bugs.freeciv.org/Ticket/Display.html?id=39957 > > > server/gamehand.c > handle_single_want_hack_req() > Sent send_ruleset_choices() when HACK is not successful. > Redundant send_conn_info() when HACK is not successful. > > client/connectdlg_common.c > handle_single_want_hack_reply() > File should be deleted by server, client doesn't always have permission. > > Implies every client request should have different file? > > Really need different paradigm for 2.2, perhaps the AUTH system? The purpose of a file-driven HACK check was always to make sure that the local connection was given hack access when the client launches the server. It will also give you hack access when you launch client and server separately from the same computer (and account); whether this is needed I'm not sure. The former case could be handled more cleanly using environment variables. The client sets the FREECIV_HACK_PASSWORD environment variable to some large bit of pseudo-random garbage. On connecting it passes this bit of garbage to the server which is then used to verify the connection and provide HACK access. The only problem is that this will ONLY work if the client controls the server's environment - i.e., when the client launches the server. Also the whole point of the HACK check is that the client SHOULD have permission to delete the file created. If the client cannot write to that file then it should not be granted hack access. And yes, a separate file is needed for each connection. -jason _______________________________________________ Freeciv-dev mailing list [email protected] https://mail.gna.org/listinfo/freeciv-dev
