<URL: http://bugs.freeciv.org/Ticket/Display.html?id=39957 >

Jason Dorje Short wrote:
> Also the whole point of the HACK check is that the client SHOULD have 
> permission to delete the file created.  If the client cannot write to 
> that file then it should not be granted hack access.

Speaking as an Internet security expert, that's just plain wrong.  It's
merely a token, used as a shared-secret.  It's bad enough that it's used
as a plaintext password.

For security, the files should be controlled and updated by the server.
The client should have no more than read access, especially as the
current scheme is designed for multiple clients accessing the server
installed in a common directory.

Moreover, in a properly designed protocol, the client should be able to
access the server at various control levels remotely.  For 2.2 or 2.3....

For 2.1, I'm just fixing the wrongly sent packets!



_______________________________________________
Freeciv-dev mailing list
Freeciv-dev@gna.org
https://mail.gna.org/listinfo/freeciv-dev
