On Thu, 03 Mar 2005 18:19:06 -0600, David White wrote: > The current interface is to send commands using a fifo that is on the > system wesnothd is on, and wesnothd responds on stdout, but I think we > need a better system than this.
Except for responding on stdout, I think a local interface is just fine. We can replace it by a local socket (unix socket or not) to provide communications both way. But we should not try to do anything fancier, especially not opening a port on the outside world. Indeed, there would be no security. A firewall can only be considered as a restricting system, when all the incoming communications are blocked; an IP-based blocking is a lot too easy to circumvent. We should also not try to implement a authentification system (no need to, if we use a local socket), it would be useless bloat. A local socket is a good solution imo. Minimal work to implement. And secure: the socket would be accessed through a ssh tunnel, or an https php webpage for example. Authentified and crypted communications, these tools provide a level of security that would be painful to reach into Wesnoth. To sumarize my point: never, o never, open on the outside world a plain text socket used for administration purposes. (And no, I'm not a paranoid guy). Best regards, Guillaume
