<URL: http://bugs.freeciv.org/Ticket/Display.html?id=40170 >
> [EMAIL PROTECTED] - Thu Mar 27 23:18:35 2008]: > > From the security point of view I don't like sending of logmessages > to clients, introduced in #40087. Those messages can potentially > contain information about server machine internals I'd rather not > broadcast to everyone. I agree that when the server is running in a public multiplayer context then players should not get anything more than "an error has occured" (if anything), with something more specific only if no potentially damaging internal information is revealed. > At least commandline switch to disable this feature is required. Or it could be disabled automatically if the server is not being used to run a local single player game (I hope the errors will still appear in the server console though, so that server operators can debug problems). Actually now that I look at the r14390 commit (made one day after the patch was posted...), there are other dubious changes: the /wall command is made to send an E_LOG_FATAL message. But this is nonsense as the /wall command is used by the server operator to send any kind of message (e.g. to wakeup users since the default message option for E_MESSAGE_WALL is to make a popup), and certainly never fatal errors. Also, would it be so hard to come up with a better event section name than "E_S_XYZZY", which I doubt few would comprehend - especially not non-natively English speaking people. I realize I am fantastically stupid, but I myself do not see how it applies (in its metasyntactic sense, à la foobar), when the events subsumed by that category would be better described by for example E_S_SERVER or E_S_GAME. :( --------------------------------------------------------------------- 貴様だったか?!オッーー。申し訳ございません。 社長がいることを見ませんでした _______________________________________________ Freeciv-dev mailing list [email protected] https://mail.gna.org/listinfo/freeciv-dev
