Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Store company passwords for network servers #599

Closed
DorpsGek opened this issue Feb 7, 2007 · 8 comments
Closed

Store company passwords for network servers #599

DorpsGek opened this issue Feb 7, 2007 · 8 comments
Labels
flyspray This issue is imported from FlySpray (https://bugs.openttd.org/)

Comments

@DorpsGek
Copy link
Member

DorpsGek commented Feb 7, 2007

Smoovious opened the ticket and wrote:

When saving a network game, and reloading it later, none of the company passwords are saved|reloaded...

Reported version: trunk
Operating system: All


This issue was imported from FlySpray: https://bugs.openttd.org/task/599
@DorpsGek
Copy link
Member Author

DorpsGek commented Sep 3, 2007

Brokkoli wrote:

when this is implemented there should also be an option for the server admin, to remove the password of any company.


This comment was imported from FlySpray: https://bugs.openttd.org/task/599#comment2042

@DorpsGek
Copy link
Member Author

sforget wrote:

I have actually written a patch that saves Multiplayer company passwords. It works quite well and is so far bug free.

Attachments


This comment was imported from FlySpray: https://bugs.openttd.org/task/599#comment2814

@DorpsGek
Copy link
Member Author

zothar wrote:

Related forum topic: http://www.tt-forums.net/viewtopic.php?f=33&t=34997


This comment was imported from FlySpray: https://bugs.openttd.org/task/599#comment3006

@DorpsGek
Copy link
Member Author

DorpsGek commented Aug 3, 2008

zothar wrote:

I've updated the patch for the 0.6.2 r13972 release, making the password file save to the same path as the saved game file.

Attachments


This comment was imported from FlySpray: https://bugs.openttd.org/task/599#comment4523

@DorpsGek
Copy link
Member Author

Hazzard wrote:

It's probably best to hash & salt the passwords for storage, I'm sure some people use their "good" passwords in openttd, thinking they are stored (somewhat) securely. I think this is a feature worth having.


This comment was imported from FlySpray: https://bugs.openttd.org/task/599#comment13656

@DorpsGek
Copy link
Member Author

planetmaker wrote:

Yeah, probably. Obviously it's wanted. My suggestion (just my personal one), but an acceptable patch (series) would need to provide all of it:

- store it as a company property
- store the salted + hashed password only
- transmit the salted + hashed password only, thus make that operation client-side
- only restore the password sin the savegame, when run as server
- add an rcon command to clear passwords
- add an admin port command to clear passwords

EDIT: this likely will need to make use of an additional cryptography library. This should be guarded in the code with # ifdef and in config.lib treated similar as the configure options like freetype, icu etc.


This comment was imported from FlySpray: https://bugs.openttd.org/task/599#comment13657

@DorpsGek DorpsGek added Core flyspray This issue is imported from FlySpray (https://bugs.openttd.org/) labels Apr 6, 2018
@TrueBrain
Copy link
Member

TrueBrain commented Apr 10, 2018

In these modern days it is a big no-no to transmit in plain text passwords. So indeed, it needs client-side hashing of some sorts, which the server needs to store. This also means the server needs to send a salt or something .. I was misinformed, passwords are never sent clear-text.

@TrueBrain
Copy link
Member

I like the idea, I think it can be very valuable, but it is a low priority. Closing issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
flyspray This issue is imported from FlySpray (https://bugs.openttd.org/)
Projects
None yet
Development

No branches or pull requests

2 participants