<URL: http://bugs.freeciv.org/Ticket/Display.html?id=12768 >
> [rp - Mon Apr 11 16:30:48 2005]:
>
> In 2.0.0-rc1 an observer can join, observe an existing player, and then
> issue an aitoggle command on some player. Is this level of control
> supposed to be allowed to observers? (I have only tried it on dead
> players.)
>
> The actual problem I noticed is that the player (i.e. nation) name is
> given as the issuer, not my user name, so it appeared as if the user who
> was actually playing the nation I was merely observing was issuing the
> command.
>

Can still reproduce in 2.1.0. You can log in as global observer and
start toggling the AI status on any player. Sounds like a security issue
to me.

~Daniel