<URL: http://bugs.freeciv.org/Ticket/Display.html?id=39957 >

William Allen Simpson wrote:
> <URL: http://bugs.freeciv.org/Ticket/Display.html?id=39957 >
> 
> Jason Dorje Short wrote:
>> Also the whole point of the HACK check is that the client SHOULD have 
>> permission to delete the file created.  If the client cannot write to 
>> that file then it should not be granted hack access.
> 
> Speaking as an Internet security expert, that's just plain wrong.  It's
> merely a token, used as a shared-secret.  It's bad enough that it's used
> as a plaintext password.
> 
> For security, the files should be controlled and updated by the server.
> The client should have no more than read access, especially as the
> current scheme is designed for multiple clients accessing the server
> installed in a common directory.
> 
> Moreover, in a properly designed protocol, the client should be able to
> access the server at various control levels remotely.  For 2.2 or 2.3....
> 
> For 2.1, I'm just fixing the wrongly sent packets!

But the point is that having HACK access allows you to write directly to 
the filesystem, through the /save command among others.  HACK access 
should only be given when you do not mind the user having write access.
That is why the hack check is done the way it is now and the client is
supposed to be able to write to the file to get it.

-jason


