Empty password warning
Empty password warning
I propose an 'Empty password warning'. If you'd leave password empty and connect then server would complain about that.
There could be also config file options like warn_empty_password and/or allow_empty_password.
What do you think?
There could be also config file options like warn_empty_password and/or allow_empty_password.
What do you think?
+100000 ... Hackers loves empty password
I vote for an option : forbid empty password + strong password with a regex/simple rule (min length, special character, digits etc..)
I vote for an option : forbid empty password + strong password with a regex/simple rule (min length, special character, digits etc..)
Last edited by redcrab on Fri Jan 20, 2012 17:07, edited 1 time in total.
0.4 for serious builder click here
Dedicated Minetest redcrab server forum at http://minetestbb.suret.net
It's nice to be important but it is more important to be nice.
Dedicated Minetest redcrab server forum at http://minetestbb.suret.net
It's nice to be important but it is more important to be nice.
forbid empty passcode +1 dont mess with what people want their passwords dont want to add minetest to my list of infuriating logins -1
Last edited by sdzen on Fri Jan 20, 2012 20:59, edited 1 time in total.
Zen S.D.
The next generation of tranquility!malheureusement mon français n'est pas bon :<
Owner of the Zelo's
In game name: MuadTralk, spdtainted, sdzen, sd zen, sdzeno
I agree empty passwords shouldn't be allowed and I also agree with not forcing people into creating a strong password I tend to anyway but I don't agree with forcing them to do it (not for a game... websites/online banking etc are a different thing)sdzen wrote:forbid empty passcode +1 dont mess with what people want their passwords dont want to add minetest to my list of infuriating logins -1
I also think though single player shouldn't require a password currently I just have mine empty as its silly to be asked for a password on single player, so If empty passwords are changed so that they are not allowed they shouldn't effect single player.
EDIT: Actually it would be nice to have the choice to require strong passwords in the server settings so that it can be optional on a per-server basis
Last edited by dannydark on Sat Jan 21, 2012 20:04, edited 1 time in total.
I hate the strong password things on websites, they always want you to have upper case, lower case, numbers AND punctuation. So unless this one is different, I'm totally against that idea.dannydark wrote: EDIT: Actually it would be nice to have the choice to require strong passwords in the server settings so that it can be optional on a per-server basis
I agree there should be a config settings for servers to disallow empty passwords.. but don't bother requiring strong passwords except maybe minimum of 6 characters.
"Before you speak, ask yourself: Is it kind, is it true, is it necessary, does it improve upon the silence?"
My mods: http://goo.gl/n4kpn
(Currently Various, Industrial, Fakeblocks, Jail, MoarCraft, Christmas, Replicator, minetest dev installer for linux, bash mod installer, windows mod installer)
My mods: http://goo.gl/n4kpn
(Currently Various, Industrial, Fakeblocks, Jail, MoarCraft, Christmas, Replicator, minetest dev installer for linux, bash mod installer, windows mod installer)
-
- Member
- Posts: 51
- Joined: Mon Oct 24, 2011 01:29
The main reason people have empty passwords is because they don't want to type in a password every time they join a server. It would help more if the client remembered the password. Of course, there should still be an empty password warning on the initial entry.
Moderator of redcrab's 0.4 server: http://c55.me/minetest/forum/viewtopic.php?id=606
-
- Member
- Posts: 4534
- Joined: Mon Oct 03, 2011 17:58
- GitHub: Jordach
- IRC: Jordach
- In-game: Jordach
- Location: Blender Scene
Yes, this would be good.XCalibur54 wrote:The main reason people have empty passwords is because they don't want to type in a password every time they join a server. It would help more if the client remembered the password. Of course, there should still be an empty password warning on the initial entry.
(Not overly) quick and dirty server-side patch:
Code: Select all
commit 15d24d8b03003920dea15bd1f51dc6554ad6b30e
Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Date: Wed Jan 25 00:43:32 2012 +0100
server: disallow empty passwords (configurable)
diff --git a/src/defaultsettings.cpp b/src/defaultsettings.cpp
index 1e48183..f3e25ea 100644
--- a/src/defaultsettings.cpp
+++ b/src/defaultsettings.cpp
@@ -95,6 +95,7 @@ void set_default_settings(Settings *settings)
settings->setDefault("default_privs", "build, shout");
settings->setDefault("unlimited_player_transfer_distance", "true");
settings->setDefault("enable_pvp", "true");
+ settings->setDefault("allow_empty_passwords", "false");
settings->setDefault("profiler_print_interval", "0");
settings->setDefault("enable_mapgen_debug_info", "false");
diff --git a/src/server.cpp b/src/server.cpp
index a0c8a00..101427b 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2016,6 +2016,17 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
// Add player to auth manager
if(m_authmanager.exists(playername) == false)
{
+
+ // TODO: allow empty passwords in local games?
+ if(g_settings->getBool("allow_empty_passwords") == false &&
+ password[0] == '\0')
+ {
+ infostream<<"Server: new player with empty password"<<std::endl;
+ SendAccessDenied(m_con, peer_id,
+ L"Empty passwords are not allowed");
+ return;
+ }
+
std::wstring default_password =
narrow_to_wide(g_settings->get("default_password"));
std::string translated_default_password =
Can you tell how to apply this patch? I tried to copy the code and put it into a new file empty_pw.patch on my local minetest git folder. Then I run this command and that's what I get.jn wrote:(Not overly) quick and dirty server-side patch:
Code: Select all
$ git apply --check empty_pw.patch
fatal: corrupt patch at line 40
Not sure whats wrong with the patch sorry (maybe wrong format? :S don't know), but you could just edit the server.cpp & defaultsettings.cpp files manually?JSonic wrote:Can you tell how to apply this patch? I tried to copy the code and put it into a new file empty_pw.patch on my local minetest git folder. Then I run this command and that's what I get.jn wrote:(Not overly) quick and dirty server-side patch:I have git version 1.7.0.4, OS is Puppy Linux. What is wrong?Code: Select all
$ git apply --check empty_pw.patch fatal: corrupt patch at line 40
The forum seems to corrupt tabulators (or it's Firefox). I uploaded the patch here: http://paste.opensuse.org/view/raw/23146175
It doesn't help, I'll edit manually. Thank you. JSonic
Last edited by JSonic on Wed Jan 25, 2012 21:30, edited 1 time in total.
thx .. the patch is applied on redcrab staging server (minetest.suret.net port 30001) and works as explained in this topic.jn wrote:The forum seems to corrupt tabulators (or it's Firefox). I uploaded the patch here: http://paste.opensuse.org/view/raw/23146175
-- already existing player with empty password still have their empty password accepted..
-- new player can't have empty password by default.
Last edited by redcrab on Wed Jan 25, 2012 20:03, edited 1 time in total.
0.4 for serious builder click here
Dedicated Minetest redcrab server forum at http://minetestbb.suret.net
It's nice to be important but it is more important to be nice.
Dedicated Minetest redcrab server forum at http://minetestbb.suret.net
It's nice to be important but it is more important to be nice.
My patch is now available via git at http://repo.or.cz/w/minetest-c55/jn.git ... empty_pass
Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.jn wrote:My patch is now available via git at http://repo.or.cz/w/minetest-c55/jn.git ... empty_pass
It's not all that easy to decide. People might start a world in single player mode and then use it for a public server, although one could argue that admins should just take care of what they do. I changed it to allow the local player to have an empty password.dannydark wrote:Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.
Version 2: http://repo.or.cz/w/minetest-c55/jn.git ... ty_pass_v2
It might be nice to have a client-side warning when locally starting a new player with an empty password.
Nice I've updated the wiki with the new link, with regards to people starting single player worlds then using them for a public server I would have thought they would have copied it out of the single player directory into the server folder for that, then all they should need todo is update there account to use a password. But like you said this is down to the admins to do this.jn wrote:It's not all that easy to decide. People might start a world in single player mode and then use it for a public server, although one could argue that admins should just take care of what they do. I changed it to allow the local player to have an empty password.dannydark wrote:Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.
Version 2: http://repo.or.cz/w/minetest-c55/jn.git ... ty_pass_v2
It might be nice to have a client-side warning when locally starting a new player with an empty password.
I personally keep a backup of my server world which I sometimes use for single player but just remove the auth file so that a new one can be made with no password ^_^
Last edited by dannydark on Sat Feb 11, 2012 21:44, edited 1 time in total.
- ParaklataChotou
- Member
- Posts: 209
- Joined: Sat Jun 18, 2016 17:09
- GitHub: paraklatachotou
- IRC: CareBearWhoCares
- In-game: AutistCortana
Re:
In my case, I would like that the players of my server could join with no need of passwords. It's a creative server. I've seen that there are so many users trying to join in into my server, but they don't know how to type a password "trying to joine the server empty password". Well, how can I enable that users can access to my server with no need of password?redcrab wrote:+100000 ... Hackers loves empty password
I vote for an option : forbid empty password + strong password with a regex/simple rule (min length, special character, digits etc..)
ip: baruman.myddns.me
port: 30001
Visit my server: freextress.ddnsking.com 30002 . mobs, npcs, interesting places, pvp.
- Krock
- Developer
- Posts: 4650
- Joined: Thu Oct 03, 2013 07:48
- GitHub: SmallJoker
- Location: Switzerland
- Contact:
Re: Re:
There was no older topic about this problem, right? (/ sarcasm)ParaklataChotou wrote:Well, how can I enable that users can access to my server with no need of password?
Empty passwords are allowed by default. Revert the setting "disallow_empty_password" in the server's minetest.conf back to its default value:
Code: Select all
disallow_empty_password = false
Look, I programmed a bug for you. >> Mod Search Engine << - Mods by Krock - DuckDuckGo mod search bang: !mtmod <keyword here>
- ParaklataChotou
- Member
- Posts: 209
- Joined: Sat Jun 18, 2016 17:09
- GitHub: paraklatachotou
- IRC: CareBearWhoCares
- In-game: AutistCortana
Re: Re:
Thank you :)Krock wrote:There was no older topic about this problem, right? (/ sarcasm)ParaklataChotou wrote:Well, how can I enable that users can access to my server with no need of password?
Empty passwords are allowed by default. Revert the setting "disallow_empty_password" in the server's minetest.conf back to its default value:Code: Select all
disallow_empty_password = false
Visit my server: freextress.ddnsking.com 30002 . mobs, npcs, interesting places, pvp.
Who is online
Users browsing this forum: No registered users and 8 guests