If you never give out your rcon password (or don't make it a really easy one) you'll never have to worry about this anyway.
Mattie wrote: > Hey guys, > > I wanted to run this by the community. Your feedback is very much > appreciated. > > How much would it annoy you if it was impossible to change rcon_password > once any map had been loaded? In other words, the only way to change > rcon_password would be in autoexec.cfg or server.cfg (and then the server > would need to restart for it to take effect). > > Would this be incredibly painful? > > This single, simple change could dramatically decrease the amount of > server-control exploits in the wild. The majority of these exploits require > changing the password to something you don't know. > > I was thinking about this recently and I was debating either: > (a) Working with you guys to ask Valve to make rcon_password unchangeable > while the server is running, and/or > (b) Making the EventScripts plugin enforce this by default (with an option > to disable it if you're adventurous). > > What cases can you think of where it was important to be able to change > rcon_password without taking the server down? > > The biggest argument I've heard so far is that if someone learns your > rcon_password, you can't change it easily to prevent them. Unfortunately, > though, most hackers change the rcon_password immediately so you're locked > out of your own console. As such, this doesn't really work, anyway. > > Thoughts? Opinions? Thanks in advance, > -Mattie > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
