blast wrote:Local authentication was specifically removed from the game because it was insecure.
Are we now talking about registered users, or about un-registered ones ? FYI, I was there talking in reference to that last group. Please don't mix them up.
blast wrote:There is not three lists to maintain. There is one. The ban list.
So your three lists description (quoted in the below) is just for laughs ?
blast wrote:Technically my idea is a blacklist (bzid bans) on top of a whitelist (antiban for registered/verified users) on top of a blacklist (hostbans and IP bans).
blast wrote:If you were talking from the point of view of a programmer, then I question how you expect a programmer to delete registered users.
Are you for real ? How much effort are you putting into deliberatily mis-reading what I'm saying ? And why for gods sake.
What about the explanation that a programmer could add code which could enable a site-admin to send a request to the central server to apply a ban on a registered player (or even fully remove him).
If you want
that possibility is a fully other question.
blast wrote:Wow, do you forget what you write that quicky? Please re-read your posting. You said you wondered why blocking registered users by name was missing from BZFlag.
Nope, I didn't. I said I already
wondered, and that was in response to what you wrote just above it :
blast wrote:Instead of having to jump onto a website and add a user to a group (which only myself and one other person have access to for my server, for example), any admin on the server could blacklist a specific user.
To me that definitily looks like you
came up with the idea, not me.
blast wrote:In any case, no, it's not a good idea. Adding a letter or number to a name makes it extremely easy to get around a ban if the bans are by name.
Really ? So passwords (which you guys are using in the clients) are not worth anything too ? Remember, passwords are just "numbers" using a few more symbols-per-digit.
blast wrote:Perhaps put a bit more thought into your suggestions.
Maybe you should put a bit more thought in your rejections ...
Besides, I never said you should add "a letter" to it. I said "a random number" Maybe a 32 bits one, maybe even 64 bits. Not that
easy to guess, now wouldn't it.
Oh yeah, that brings me to the following: stop trying to shove words into my mouth. If you are not sure what I mean than you are welcome to ask for clarification.
blast wrote:Yeah, and where does the server tell you how to look up the help text?
Well, there is something quite new on the marked in that regard : some code and text can be added into a program
so that it can respond to an incomplete or malformed command with help retrieved locally
over how to use it, and coeld even include a "/help" "-help" (linux) command so that a list of available commands is displayed. Again retieved locally.
Oh my, that something already exists for a couple of decades now, in both Linux and windows</sacrasm off>
blast wrote:My idea simpy gives the server owner a choice and make the 'bzid' not take antiban into account.
Your above "idea" is actually the implementation of the idea. If you think that that is easier than just looking at the "registered" bit than go for it I would say.
By the way, is that "bzid" not what is named "token" in the client ? Just to make sure we are talking about the same thing.
blast wrote:My point was that some bans would apply to registered users and some would not, so you'd have to have a flag show up that identifies which it is.
And my response was that I do not think that that is needed : A range-ban would never applied to registered users, a ban on a specific IP would, as always, be applied to all users. As simple as that. No change needed other than a "is he registered" check.
Ofcourse, if you want to extend the idea to enable you to put specific IP bans seperatily to un-registered and registered users you would need to do a bit more work. In that case adding a "on name only" ban for registered user and IP-bans (single or range) only for unregistered users would not be a bad idea.
But than again, that would mean a major change and thus needing a lot of time-and-energy (which you mentioned you where already in short supply of).
blast wrote:You suggested a plugin for tracking bans on registered users
How many times have I have to say that before it reaches your brain ? <angry>
That was your
suggestion, something you where, as you mentioned, already working on, but just never finished.
For reference: Mon Jan 30, 2012 3:06 pm :
blast wrote:But then an ID ban could still be added against a specific registered user. Never got around to finishing that code, though.
My suggestion is two posts up from that one. Maybe the first paragraph is not too clear on it, the second should have removed and questions about what I was after.
blast wrote:My suggestion was making the plugin handle bans on unregistered users and leaving the bzfs logic alone. So, pretty much the complete opposite of your suggestion.
I suggest you re-read my origional suggestion again. The second paragraph mentiones two different methods to get the same result. It did not say anything there about the implementation. Although later on I did mention looking at the "is registered" bit as, as far as I could tell, an easy possibility, if you know an easier/better way to get to the same result than be my guest. Hey, you have been one of the persons maintaining BZF, not I. I do not even how to write code in VC.
And for your information : I was not posting here for brownie-points, I was posting to try to aliviate some troubles with registered players getting into range-bans. If you think I tried to rob you of any such brownie-points than put your own, or anyone elses name under all of it, I don't care.