The official Minetest discussion board
https://forum.minetest.net/
I agree empty passwords shouldn't be allowed and I also agree with not forcing people into creating a strong password I tend to anyway but I don't agree with forcing them to do it (not for a game... websites/online banking etc are a different thing)sdzen wrote:forbid empty passcode +1 dont mess with what people want their passwords dont want to add minetest to my list of infuriating logins -1
I hate the strong password things on websites, they always want you to have upper case, lower case, numbers AND punctuation. So unless this one is different, I'm totally against that idea.dannydark wrote: EDIT: Actually it would be nice to have the choice to require strong passwords in the server settings so that it can be optional on a per-server basis
Yes, this would be good.XCalibur54 wrote:The main reason people have empty passwords is because they don't want to type in a password every time they join a server. It would help more if the client remembered the password. Of course, there should still be an empty password warning on the initial entry.
Code: Select all
commit 15d24d8b03003920dea15bd1f51dc6554ad6b30e
Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Date: Wed Jan 25 00:43:32 2012 +0100
server: disallow empty passwords (configurable)
diff --git a/src/defaultsettings.cpp b/src/defaultsettings.cpp
index 1e48183..f3e25ea 100644
--- a/src/defaultsettings.cpp
+++ b/src/defaultsettings.cpp
@@ -95,6 +95,7 @@ void set_default_settings(Settings *settings)
settings->setDefault("default_privs", "build, shout");
settings->setDefault("unlimited_player_transfer_distance", "true");
settings->setDefault("enable_pvp", "true");
+ settings->setDefault("allow_empty_passwords", "false");
settings->setDefault("profiler_print_interval", "0");
settings->setDefault("enable_mapgen_debug_info", "false");
diff --git a/src/server.cpp b/src/server.cpp
index a0c8a00..101427b 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2016,6 +2016,17 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
// Add player to auth manager
if(m_authmanager.exists(playername) == false)
{
+
+ // TODO: allow empty passwords in local games?
+ if(g_settings->getBool("allow_empty_passwords") == false &&
+ password[0] == '\0')
+ {
+ infostream<<"Server: new player with empty password"<<std::endl;
+ SendAccessDenied(m_con, peer_id,
+ L"Empty passwords are not allowed");
+ return;
+ }
+
std::wstring default_password =
narrow_to_wide(g_settings->get("default_password"));
std::string translated_default_password =
Can you tell how to apply this patch? I tried to copy the code and put it into a new file empty_pw.patch on my local minetest git folder. Then I run this command and that's what I get.jn wrote:(Not overly) quick and dirty server-side patch:
Code: Select all
$ git apply --check empty_pw.patch
fatal: corrupt patch at line 40Not sure whats wrong with the patch sorry (maybe wrong format? :S don't know), but you could just edit the server.cpp & defaultsettings.cpp files manually?JSonic wrote:Can you tell how to apply this patch? I tried to copy the code and put it into a new file empty_pw.patch on my local minetest git folder. Then I run this command and that's what I get.jn wrote:(Not overly) quick and dirty server-side patch:I have git version 1.7.0.4, OS is Puppy Linux. What is wrong?Code: Select all
$ git apply --check empty_pw.patch fatal: corrupt patch at line 40
thx .. the patch is applied on redcrab staging server (minetest.suret.net port 30001) and works as explained in this topic.jn wrote:The forum seems to corrupt tabulators (or it's Firefox). I uploaded the patch here: http://paste.opensuse.org/view/raw/23146175
Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.jn wrote:My patch is now available via git at http://repo.or.cz/w/minetest-c55/jn.git ... empty_pass
It's not all that easy to decide. People might start a world in single player mode and then use it for a public server, although one could argue that admins should just take care of what they do. I changed it to allow the local player to have an empty password.dannydark wrote:Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.
Nice I've updated the wiki with the new link, with regards to people starting single player worlds then using them for a public server I would have thought they would have copied it out of the single player directory into the server folder for that, then all they should need todo is update there account to use a password. But like you said this is down to the admins to do this.jn wrote:It's not all that easy to decide. People might start a world in single player mode and then use it for a public server, although one could argue that admins should just take care of what they do. I changed it to allow the local player to have an empty password.dannydark wrote:Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.
Version 2: http://repo.or.cz/w/minetest-c55/jn.git ... ty_pass_v2
It might be nice to have a client-side warning when locally starting a new player with an empty password.
In my case, I would like that the players of my server could join with no need of passwords. It's a creative server. I've seen that there are so many users trying to join in into my server, but they don't know how to type a password "trying to joine the server empty password". Well, how can I enable that users can access to my server with no need of password?redcrab wrote:+100000 ... Hackers loves empty password
I vote for an option : forbid empty password + strong password with a regex/simple rule (min length, special character, digits etc..)
There was no older topic about this problem, right? (/ sarcasm)ParaklataChotou wrote:Well, how can I enable that users can access to my server with no need of password?
Code: Select all
disallow_empty_password = falseThank you :)Krock wrote:There was no older topic about this problem, right? (/ sarcasm)ParaklataChotou wrote:Well, how can I enable that users can access to my server with no need of password?
Empty passwords are allowed by default. Revert the setting "disallow_empty_password" in the server's minetest.conf back to its default value:Code: Select all
disallow_empty_password = false