FS#599 - Store company passwords for network servers

Attached to Project: OpenTTD
Opened by Kenn Booth (Smoovious) - Tuesday, 06 February 2007, 23:54 GMT
Last edited by Remko Bijker (Rubidium) - Saturday, 01 December 2007, 21:28 GMT
Type Feature Request
Category Core
Status New
Assigned To No-one
Operating System All
Severity Medium
Priority Normal
Reported Version trunk
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 2
Private No


When saving a network game, and reloading it later, none of the company passwords are saved|reloaded...
This task depends upon

Comment by Brokkoli (Brokkoli) - Sunday, 02 September 2007, 22:02 GMT
when this is implemented there should also be an option for the server admin, to remove the password of any company.
Comment by sforget (sforget) - Tuesday, 27 November 2007, 08:26 GMT
I have actually written a patch that saves Multiplayer company passwords. It works quite well and is so far bug free.

Comment by zothar (zothar) - Sunday, 16 December 2007, 18:59 GMT Comment by zothar (zothar) - Sunday, 03 August 2008, 13:17 GMT
I've updated the patch for the 0.6.2 r13972 release, making the password file save to the same path as the saved game file.
Comment by Mingwei Samuel (Hazzard) - Tuesday, 16 December 2014, 04:40 GMT
It's probably best to hash & salt the passwords for storage, I'm sure some people use their "good" passwords in openttd, thinking they are stored (somewhat) securely. I think this is a feature worth having.
Comment by Ingo von Borstel (planetmaker) - Tuesday, 16 December 2014, 17:16 GMT
Yeah, probably. Obviously it's wanted. My suggestion (just my personal one), but an acceptable patch (series) would need to provide all of it:

- store it as a company property
- store the salted + hashed password only
- transmit the salted + hashed password only, thus make that operation client-side
- only restore the password sin the savegame, when run as server
- add an rcon command to clear passwords
- add an admin port command to clear passwords

EDIT: this likely will need to make use of an additional cryptography library. This should be guarded in the code with #ifdef and in config.lib treated similar as the configure options like freetype, icu etc.