diff options
author | est31 <MTest31@outlook.com> | 2016-08-22 04:27:44 +0200 |
---|---|---|
committer | est31 <MTest31@outlook.com> | 2016-08-22 20:23:28 +0200 |
commit | d767f025cb0d5cca29c1f2147d2a0931a088b717 (patch) | |
tree | eddc886ed5e6f09e43fa6c4224e4e14d5a840608 /src/util/auth.cpp | |
parent | 0b0075e6ad0b3110cabdfc92cedb0a24d2b5ec42 (diff) | |
download | minetest-d767f025cb0d5cca29c1f2147d2a0931a088b717.tar.gz minetest-d767f025cb0d5cca29c1f2147d2a0931a088b717.tar.bz2 minetest-d767f025cb0d5cca29c1f2147d2a0931a088b717.zip |
Client: disable pre v25 init sending by default
Disable the ability to connect to old servers by default to
improve password security.
If people still want to connect to old (0.4.12 and earlier)
servers, they can flip the send_pre_v25_init setting.
Add the ability to detect if we've tried to connect
to a server which only supports the pre v25 init protocol,
and show an apropriate error message. Most times the error
will already be catched at the serverlist level, the
detection mechanism only acts as last resort, because the
"Connection timed out" error message that would be shown
otherwise would be very confusing.
Automatic "fixing" of this condition is not desired,
as it would allow for downgrade attacks.
As already 161 of the 167 servers on the serverlist
support the new srp based auth protocol (> 96%),
the breakage should be minimal.
Follow up of commit
af30183124d40a969040d7de4b3a487feec466e4 "Add option to not send pre v25 init packet"
Also change the pessimistic assumption of masterlist
server versions to optimistic, in order to avoid buggy
behaviour (favourites not in the serverlist would be
denied to connect to, etc).
Diffstat (limited to 'src/util/auth.cpp')
0 files changed, 0 insertions, 0 deletions