From b5a902703e26e01e92af33083a4ec2e977ad27be Mon Sep 17 00:00:00 2001 From: rubidium Date: Sun, 2 Dec 2007 15:12:19 +0000 Subject: (svn r11557) -Codechange: send and store the passwords a little more secure to/in the servers. Each server and game yield a (usually) different 'salt'. This salt is used by the clients to hash their passwords. This way the passwords are not sent in clear text and it is not trivial to use those hashes on other servers. NOTE: It is still NOT safe to use your trusted passwords and it will not stop people from being able to 'hijack' your password, it only makes it harder to do and certainly much less trivial than just dumping passwords from the memory. --- src/console_cmds.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/console_cmds.cpp') diff --git a/src/console_cmds.cpp b/src/console_cmds.cpp index af5feb4fb..96b6a9735 100644 --- a/src/console_cmds.cpp +++ b/src/console_cmds.cpp @@ -1326,6 +1326,8 @@ DEF_CONSOLE_HOOK(ConHookRconPW) return true; } +extern void HashCurrentCompanyPassword(); + /* Also use from within player_gui to change the password graphically */ bool NetworkChangeCompanyPassword(byte argc, char *argv[]) { @@ -1346,8 +1348,11 @@ bool NetworkChangeCompanyPassword(byte argc, char *argv[]) ttd_strlcpy(_network_player_info[_local_player].password, argv[0], sizeof(_network_player_info[_local_player].password)); - if (!_network_server) + if (!_network_server) { SEND_COMMAND(PACKET_CLIENT_SET_PASSWORD)(_network_player_info[_local_player].password); + } else { + HashCurrentCompanyPassword(); + } IConsolePrintF(_icolour_warn, "'company_pw' changed to: %s", _network_player_info[_local_player].password); -- cgit v1.2.3-54-g00ecf