Welcome, Guest
Username: Password: Remember me

TOPIC:

Premature autorenew 9 years 2 months ago #3870

ST2 wrote: Silly Sad,

maybe I've placed too many words when basically what I wanted to say was:
- When placing a suggestion, please provide some more info - more detailed, I mean


Actually I think you missed some points. Being myself an custom client maintainer, the main issue here is the definition of what belongs to the Btpro client.
  • o First of all any feature that breaks the compatibily between the vanilla server and the client is to be made to Openttd devs.
    Example:

    Silly Sad wrote: my suggestion is to solve the boats' problem once and for all.
    and to do so we need to rethink the pathfinder completely -- i suggest brand new approach to the pathfinding on open flat spaces such is sea.

  • o Any feature that is usefull in every game, not only the ones hosted here, should be first suggested to Openttd dev team. ( Suggest here )
    If it was already suggested and it was refused/ignored, but you still think it is useful post it here.(with the proof it was refused/ignored by the openttd dev team, please)
  • o If the feature is useful for the Btpro servers, and maybe not so useful for the others, you are in the right place! ;)
The following user(s) said Thank You: Frank, ST2, vGelder

Please Log in or Create an account to join the conversation.

Last edit: by Myhorta.

BTPro Client Suggestions 9 years 2 months ago #3935

Here's a suggestion: Send a hashed password when retrieving a login token. Or just send it to a https via post instead of get...
sending to http server:
http://openttd.btpro.nl/gettoken.php?user=<User>&password=<YourPasswordInPlaintext>
The following user(s) said Thank You: ItzJustMeh

Please Log in or Create an account to join the conversation.

Last edit: by Bergi.

BTPro Client Suggestions 9 years 2 months ago #3936

the suggestion is quite very good and only stumbles in couple limitations:
- requires a new/changed gettoken.php file (on how it works and communicates with database - by my side is a personal limitation - I have no clue how todo that ^^);
- I guess https is out of question due the cost of a SSL Certificate (since I'm a noob on that things, correct me if needed);

and yes, your password is sent in Plain Text via http, and that's why we always recommend players use a password that they don't use in any other services to IF someone discovers your BTPro password the damages are limited here. For now it's the solution we're using (it doesn't invalidate your first suggestion) and any issue can be reported to BTPro admins - and we'll start tracking IP's used on a reported account (for example).

Thank you for your suggestions :)
  • ST2
  • ST2's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 1222
  • Thank you received: 628

Please Log in or Create an account to join the conversation.

BTPro Client Suggestions 9 years 2 months ago #3938

you dont have to pay for a certificate -- you can yourself issue a certificate for your server.


ok. i shut up.

Please Log in or Create an account to join the conversation.

BTPro Client Suggestions 9 years 2 months ago #3939

There's also StartSSL (free + signed): www.startssl.com/?app=1

The code in src/network/core/tcp_http.cpp, however, only allows you to make HTTP requests. To use HTTPS openssl/libcurl/... would be required.

Please Log in or Create an account to join the conversation.

Time to create page: 0.035 seconds
Best hosting deal on hostgator coupon or play poker on party poker
Copyright 2020 BTPro Client Suggestions - Page 14 - BTPro - OpenTTD Community.