widelands

Removing plaintext password from config file?

Bug #1765973 reported by Notabilis on 2018-04-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	widelands	Won't Fix	Undecided	Unassigned	widelands build21-rc1

Bug Description

The current configuration file in trunk contains the plaintext password (for users of build19) and the hashed password (for users of trunk). The idea was that users (mainly developers) that are using both versions don't loose their saved password.
Do we still want to support this double-usage of build19- and build20+ ? Removing the plaintext password (by removing line 755 in wlapplication.cc) would be inconvenient for users of both versions but would increase the password security for the other users.

I would be in favor of removing it, since I guess the number of users using both versions will shrink quickly as soon as the Linux distributions pick up the new build for the repositories (and they no longer need the build19 version for playing with people online).

Tags:

Revision history for this message

GunChleoc (gunchleoc) wrote on 2018-04-21:

I'm in favor of removing it for Build 21. The mix will make it easier for users to make the transition and not get login errors when they have just updated.

tags:	added: network
Changed in widelands:
milestone:	build20-rc1 → build21-rc1

Revision history for this message

Notabilis (notabilis27) wrote on 2018-04-22:

Okay, fine by me.

By the way: The new password entry in the config file is automatically created from the old passwords, so users aren't forced to login again after updating the game.

GunChleoc (gunchleoc) on 2018-04-23