[Freeciv-Dev] [bug #15472] Mild security concern with event cache: server setup commands shown to client
Update of bug #15472 (project freeciv): Status: Ready For Test = Fixed Open/Closed:Open = Closed ___ Reply to this item at: http://gna.org/bugs/?15472 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15472] Mild security concern with event cache: server setup commands shown to client
Update of bug #15472 (project freeciv): Status:None = Ready For Test Assigned to:None = pepeto Planned Release: = 2.2.4, 2.3.0 ___ Follow-up Comment #2: Attached 2 patches: * command_echo.diff: Implements command notification control like in warclient for every command. * event_cache_clear.diff: It clears the event cache before first connections are accepted. Also it makes some cleanup in string and notification duplications, and reread the server script every time the game restart. (file #10435, file #10436, file #10437, file #10438) ___ Additional Item Attachment: File name: trunk_event_cache_clear.diff Size:3 KB File name: trunk_command_echo.diffSize:24 KB File name: S2_2_event_cache_clear.diffSize:3 KB File name: S2_2_command_echo.diff Size:24 KB ___ Reply to this item at: http://gna.org/bugs/?15472 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15472] Mild security concern with event cache: server setup commands shown to client
Update of bug #15472 (project freeciv): Priority: 1 - Later = 5 - Normal ___ Reply to this item at: http://gna.org/bugs/?15472 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15472] Mild security concern with event cache: server setup commands shown to client
Follow-up Comment #3, bug #15472 (project freeciv): This patch looks really good. It remove some unneeded information from the event log making it more usefull. ___ Reply to this item at: http://gna.org/bugs/?15472 ___ Nachricht geschickt von/durch Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15472] Mild security concern with event cache: server setup commands shown to client
URL: http://gna.org/bugs/?15472 Summary: Mild security concern with event cache: server setup commands shown to client Project: Freeciv Submitted by: cazfi Submitted on: Wednesday 02/24/2010 at 19:29 Category: general Severity: 3 - Normal Priority: 1 - Later Status: None Assigned to: None Originator Email: Open/Closed: Open Release: 2.2.0 Discussion Lock: Any Operating System: None Planned Release: ___ Details: When starting, server echoes commands used to setup server to console. At least read command is problematic as it takes filesystem path as parameter. This reveals information about server computer internals. Previously this was not a problem as clients connect only after these messages have been shown. Now, with even cache, they are stored and shown to connecting clients. ___ Reply to this item at: http://gna.org/bugs/?15472 ___ Message sent via/by Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev
[Freeciv-Dev] [bug #15472] Mild security concern with event cache: server setup commands shown to client
Follow-up Comment #1, bug #15472 (project freeciv): Maybe event cache should be only for events in running states? Else, what command reveal undesired informations? They should echo only to the console, and maybe the hack access connections... ___ Reply to this item at: http://gna.org/bugs/?15472 ___ Message posté via/par Gna! http://gna.org/ ___ Freeciv-dev mailing list Freeciv-dev@gna.org https://mail.gna.org/listinfo/freeciv-dev