<URL: http://bugs.freeciv.org/Ticket/Display.html?id=39957 >
Jason Dorje Short wrote:
> But the point is that having HACK access allows you to write directly to
> the filesystem, through the /save command among others. HACK access
> should only be given when you do not mind the user having write access.
> That is why the hack check is done the way it is now and the client is
> supposed to be able to write to the file to get it.
>

AFAICT, there is no check in the server code that the client has write
access, nor that the file was properly deleted. And the mask isn't
properly set, either. There is no security reason for the process.

Madeline, where is your code?

The AUTH code here is cryptologically unsound. Did the AUTH code come
from someplace special? Is there any reason to be backward compatible
with anything?

_______________________________________________
Freeciv-dev mailing list
https://mail.gna.org/listinfo/freeciv-dev
