[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Wesnoth-dev] Administering the server
|
From: |
Guillaume Melquiond |
|
Subject: |
Re: [Wesnoth-dev] Administering the server |
|
Date: |
Fri, 4 Mar 2005 09:03:34 +0100 |
On Thu, 03 Mar 2005 18:19:06 -0600, David White wrote:
> The current interface is to send commands using a fifo that is on the
> system wesnothd is on, and wesnothd responds on stdout, but I think we
> need a better system than this.
Except for responding on stdout, I think a local interface is just
fine. We can replace it by a local socket (unix socket or not) to
provide communications both way. But we should not try to do anything
fancier, especially not opening a port on the outside world.
Indeed, there would be no security. A firewall can only be considered
as a restricting system, when all the incoming communications are
blocked; an IP-based blocking is a lot too easy to circumvent. We
should also not try to implement a authentification system (no need
to, if we use a local socket), it would be useless bloat.
A local socket is a good solution imo. Minimal work to implement. And
secure: the socket would be accessed through a ssh tunnel, or an https
php webpage for example. Authentified and crypted communications,
these tools provide a level of security that would be painful to reach
into Wesnoth.
To sumarize my point: never, o never, open on the outside world a
plain text socket used for administration purposes. (And no, I'm not a
paranoid guy).
Best regards,
Guillaume