<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40170 >

> [EMAIL PROTECTED] - Thu Mar 27 23:18:35 2008]:
>  From the security point of view I don't like sending of logmessages
> to clients, introduced in #40087. Those messages can potentially
> contain information about server machine internals I'd rather not
> broadcast to everyone.

I agree that when the server is running in a public
multiplayer context then players should not get anything
more than "an error has occured" (if anything), with
something more specific only if no potentially damaging
internal information is revealed.

>  At least commandline switch to disable this feature is required.

Or it could be disabled automatically if the server is not
being used to run a local single player game (I hope the
errors will still appear in the server console though, so
that server operators can debug problems).

Actually now that I look at the r14390 commit (made one day
after the patch was posted...), there are other dubious
changes: the /wall command is made to send an E_LOG_FATAL
message. But this is nonsense as the /wall command is used
by the server operator to send any kind of message (e.g. to
wakeup users since the default message option for
E_MESSAGE_WALL is to make a popup), and certainly never fatal

Also, would it be so hard to come up with a better event
section name than "E_S_XYZZY", which I doubt few would
comprehend - especially not non-natively English speaking
people. I realize I am fantastically stupid, but I myself
do not see how it applies (in its metasyntactic sense, à
la foobar), when the events subsumed by that category would
be better described by for example E_S_SERVER or E_S_GAME. :(


Freeciv-dev mailing list

Reply via email to