From: <no...@so...> - 2002-11-23 00:28:55
|
Feature Requests item #641264, was opened at 2002-11-20 15:11 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=353248&aid=641264&group_id=3248 Category: BZFlag Group: None Status: Open Resolution: None Priority: 7 Submitted By: Mr. C. Wallis (wspanker) Assigned to: Nobody/Anonymous (nobody) Summary: Password and Callsign Initial Comment: I would like to see a new account and password feature when you logon to your bzflag and go to servers. enabling this feature will allow better tracking of who is cheating or who is not. as it stands now we can logon as someone else's callsign and do all sorts of nasty things and ruin it for the real user of that callsign. this would prevent that, and would prevent the response "it musta not been me" or "it wasn't me" it should'nt take to much to have a small database like the listserver with just password and name? 500 players are involved so thats not too big i would think. just another bzflag thought wspanker ---------------------------------------------------------------------- >Comment By: David Trowbridge (davidtrowbridge) Date: 2002-11-23 00:28 Message: Logged In: YES user_id=66583 There are some problems that cannot be solved by technical means. We have some plans for server-side measures but there are things we cannot control (such as a person signing on under a known player's callsign and teamkilling or using nothing but foul language). The all-encompassing solution we came up with was the combination of moving more of the responsibility into the server, registered callsigns (either through password or gpg-key), and karma. Of course, if a server was unable to connect to the authentication database, it should just let them in. ---------------------------------------------------------------------- Comment By: Jeremiah (cobraa1) Date: 2002-11-23 00:10 Message: Logged In: YES user_id=25311 Yes, I totally agree. However, gettting this would probably require major changes, so that won't be for a while. A name and callsign database would allow server operators to kick off people who are cheating, as well as team killing and other types of abuse. It's more general in scope. Ideally, I would like both ideas to be implemented. ---------------------------------------------------------------------- Comment By: Ben Baker (benbaker) Date: 2002-11-22 16:20 Message: Logged In: YES user_id=558416 Requiring Passwords and Callsigns would introduce new problems (ie "I can't logon!") as well as create issues with maintaining the central password server. How do you manage creating new accounts? How will you keep cheaters from using multiple accounts? What happens when people are wrongfully banned? What about when the LDAP store goes down and the admin is on vacation? etc... This will also not solve the central problem: The server trusts the clients. It is extremely easy to modify one line of code and rebuild the client to make yourself invincible, make laser beams that last virtually forever, and any number of other hacks. The reason is that the server doesn't do any sort of checking on collision detection, scoring, etc. In order to make BZFlag more secure, the server needs to check the information that is coming from the untrusted clients. If a client is cheating, the server could ban their IP address to prevent them from rejoining. Passwords is a nice idea, but it won't solve the cheating issues by itself. It would be much better to secure the server first before attempting to implement passwords. ---------------------------------------------------------------------- Comment By: Dave Brosius (dbrosius) Date: 2002-11-21 02:31 Message: Logged In: YES user_id=66596 No karma work was done yet, afaik Todo name authentication, we would probably just use an BZFlag LDAP store, where riker was the admin. would be relatively trivial to impl. Although uptime may be an issue. ---------------------------------------------------------------------- Comment By: Jeremiah (cobraa1) Date: 2002-11-20 18:52 Message: Logged In: YES user_id=25311 I second this. Anybody know what kind of networking changes would be required to do this? How much work was done on the 1.8 "karma" idea? Can it be transferred to 1.7? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=353248&aid=641264&group_id=3248 |