Wiki about BZAuthd

All things BZFlag - no [OT] here please
trpted
Private First Class
Posts: 242
Joined: Mon Feb 21, 2005 8:29 pm

Wiki about BZAuthd

Post by trpted »

REF = https://wiki.bzflag.org/BZAuthd

* Issue one *
The callsign and password are sent in clear text form to the list server and this is a risk to the users' privacy since they may use those passwords elsewhere. The auth daemon would use a public key cryptography algorithm called RSA that would effectively solve this problem. The only way to register at the moment is at the forums. The daemon would allow users to register through a secure, RSA encrypted channel from inside the game.
That is great wonderful of the future what you are planning to do. :)

But there is an issue. Users should never use the same passwords everywhere they go.

Tell the users to stop doing that. The password for BZFLAG and its forum should not be used anywhere else.

* Issue two *
Should or can the Karma server and LDAP server be one and the same?

PROVIDES: easier maintenance, both autonomously and manually
PROVIDES: easier ability for maintaining a consistent data state (no fuzzy syncing issues – it either is or isn't synced with replicants)
PROBLEMATIC: multiple areas of entry for possible abuse (unless replicants are hosted on 'trusted' systems, as far as that can be determined.)
PROBLEMATIC issue, no matter what you do (Karma server and LDAP server same server or not the same server, for example): I have read/heard
If it is made by human hands, it can be broken by human hands.
^^
blast
General
Posts: 4931
Joined: Fri Mar 21, 2003 3:49 pm
Location: playing.cxx

Re: Wiki about BZAuthd

Post by blast »

It's not clear what you're pointing out as issues. We're not going to be using a BZAuthd and will continue to use web-based tech. And since 2.4.4 we've been using HTTPS communication to the list server and forums.
"In addition to knowing the secrets of the Universe, I can assure you that I am also quite potty trained." -Koenma (Yu Yu Hakusho)

tainn
Private First Class
Posts: 278
Joined: Sun Nov 18, 2018 7:25 pm
Location: phantom_zone;

Re: Wiki about BZAuthd

Post by tainn »

Regarding the argument of specifically pointing out on the account creation page that people should not use the same passwords across multiple websites, I think that's quite redundant at this point.

This matter is vocal on so many websites already and speaks common sense that it might seem as unnecessary guided cluster rather than anything else.

I'm quite indifferent about it, but seeing what kind of community bzflag is and what kind of new users it receives, I think the people don't generally have to be shown what steps to take to ensure basic security.

Not to shoot down the idea, I think it is presented in good faith, but this community really is of the type where each individual is expected to take care of at least their own basics without additional guidance.
Zehra
Private First Class
Posts: 914
Joined: Sun Oct 18, 2015 3:36 pm
Location: Within the BZFS API and Beyond it

Re: Wiki about BZAuthd

Post by Zehra »

trpted wrote: Sat Jan 05, 2019 8:49 pm
REF = https://wiki.bzflag.org/BZAuthd

That is great wonderful of the future what you are planning to do. :)
Mentioned within the List Server questions thread, it was mentioned that BZAuthd had not been updated, and if I'm not mistaken, the code itself has not been touched since 2009. (Meaning that no updates were made to it after that point.)
Personally, I wouldn't recommend using the Wiki to search for the 'latest' development ideas as the Wiki is mostly outdated.
If you are interested in the latest development ideas, I would recommend asking within the forums or IRC.

-Zehra
Those who are critical of me, I'll likely be the same of them. ~Zehra
The decisions we make are the ones we look forward to and the ones we regret. ~Zehra
There's a difference between knowing my name and knowing me, one shows respect to my name and the other is to who I am. ~Zehra

See where I've last been active at Strayers.
Visit BZList.net for a modern HTML5 server stats site.

Click here to view the 101 Leaderboard & Score Summaries Last updated 2021-01-12 (YYYY-MM-DD)
Latest 101 thread