sdzen wrote:forbid empty passcode +1 dont mess with what people want their passwords dont want to add minetest to my list of infuriating logins -1
dannydark wrote:EDIT: Actually it would be nice to have the choice to require strong passwords in the server settings so that it can be optional on a per-server basis :D
XCalibur54 wrote:The main reason people have empty passwords is because they don't want to type in a password every time they join a server. It would help more if the client remembered the password. Of course, there should still be an empty password warning on the initial entry.
commit 15d24d8b03003920dea15bd1f51dc6554ad6b30e
Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Date: Wed Jan 25 00:43:32 2012 +0100
server: disallow empty passwords (configurable)
diff --git a/src/defaultsettings.cpp b/src/defaultsettings.cpp
index 1e48183..f3e25ea 100644
--- a/src/defaultsettings.cpp
+++ b/src/defaultsettings.cpp
@@ -95,6 +95,7 @@ void set_default_settings(Settings *settings)
settings->setDefault("default_privs", "build, shout");
settings->setDefault("unlimited_player_transfer_distance", "true");
settings->setDefault("enable_pvp", "true");
+ settings->setDefault("allow_empty_passwords", "false");
settings->setDefault("profiler_print_interval", "0");
settings->setDefault("enable_mapgen_debug_info", "false");
diff --git a/src/server.cpp b/src/server.cpp
index a0c8a00..101427b 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2016,6 +2016,17 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
// Add player to auth manager
if(m_authmanager.exists(playername) == false)
{
+
+ // TODO: allow empty passwords in local games?
+ if(g_settings->getBool("allow_empty_passwords") == false &&
+ password[0] == '\0')
+ {
+ infostream<<"Server: new player with empty password"<<std::endl;
+ SendAccessDenied(m_con, peer_id,
+ L"Empty passwords are not allowed");
+ return;
+ }
+
std::wstring default_password =
narrow_to_wide(g_settings->get("default_password"));
std::string translated_default_password =
jn wrote:(Not overly) quick and dirty server-side patch:
$ git apply --check empty_pw.patch
fatal: corrupt patch at line 40
JSonic wrote:jn wrote:(Not overly) quick and dirty server-side patch:
Can you tell how to apply this patch? I tried to copy the code and put it into a new file empty_pw.patch on my local minetest git folder. Then I run this command and that's what I get.Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
$ git apply --check empty_pw.patch
fatal: corrupt patch at line 40
I have git version 1.7.0.4, OS is Puppy Linux. What is wrong?
jn wrote:The forum seems to corrupt tabulators (or it's Firefox). I uploaded the patch here: http://paste.opensuse.org/view/raw/23146175
jn wrote:My patch is now available via git at http://repo.or.cz/w/minetest-c55/jn.git/shortlog/refs/heads/empty_pass
dannydark wrote:Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.
jn wrote:dannydark wrote:Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.
It's not all that easy to decide. People might start a world in single player mode and then use it for a public server, although one could argue that admins should just take care of what they do. I changed it to allow the local player to have an empty password.
Version 2: http://repo.or.cz/w/minetest-c55/jn.git/shortlog/refs/heads/empty_pass_v2
It might be nice to have a client-side warning when locally starting a new player with an empty password.
redcrab wrote:+100000 ... Hackers loves empty password
I vote for an option : forbid empty password + strong password with a regex/simple rule (min length, special character, digits etc..)
ParaklataChotou wrote:Well, how can I enable that users can access to my server with no need of password?
disallow_empty_password = false
Krock wrote:ParaklataChotou wrote:Well, how can I enable that users can access to my server with no need of password?
There was no older topic about this problem, right? (/ sarcasm)
Empty passwords are allowed by default. Revert the setting "disallow_empty_password" in the server's minetest.conf back to its default value:Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
disallow_empty_password = false
Users browsing this forum: No registered users and 12 guests