Empty password warning

User avatar
JSonic
Member
 
Posts: 68
Joined: Fri Jan 13, 2012 17:48
Location: Suomi Finland

Empty password warning

by JSonic » Fri Jan 20, 2012 15:34

I propose an 'Empty password warning'. If you'd leave password empty and connect then server would complain about that.
There could be also config file options like warn_empty_password and/or allow_empty_password.
What do you think?
Stairs are cool!
Minetest-c55 for Puppy Linux
Minetest-c55 PPA: daily, stable
 

User avatar
redcrab
Member
 
Posts: 831
Joined: Tue Dec 13, 2011 13:45
Location: France

by redcrab » Fri Jan 20, 2012 16:14

+100000 ... Hackers loves empty password
I vote for an option : forbid empty password + strong password with a regex/simple rule (min length, special character, digits etc..)
Last edited by redcrab on Fri Jan 20, 2012 17:07, edited 1 time in total.
0.4 for serious builder click here
Dedicated Minetest redcrab server forum at http://minetestbb.suret.net

It's nice to be important but it is more important to be nice.
 

User avatar
sdzen
Member
 
Posts: 1170
Joined: Fri Aug 05, 2011 22:33
Location: Paradise (your not allowed)

by sdzen » Fri Jan 20, 2012 20:58

forbid empty passcode +1 dont mess with what people want their passwords dont want to add minetest to my list of infuriating logins -1
Last edited by sdzen on Fri Jan 20, 2012 20:59, edited 1 time in total.
[h]Zen S.D.[/h] The next generation of tranquility!
malheureusement mon français n'est pas bon :<
Owner of the Zelo's
In game name: MuadTralk, spdtainted, sdzen, sd zen, sdzeno
 

User avatar
dannydark
Member
 
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Sat Jan 21, 2012 20:03

sdzen wrote:forbid empty passcode +1 dont mess with what people want their passwords dont want to add minetest to my list of infuriating logins -1


I agree empty passwords shouldn't be allowed and I also agree with not forcing people into creating a strong password I tend to anyway but I don't agree with forcing them to do it (not for a game... websites/online banking etc are a different thing)

I also think though single player shouldn't require a password currently I just have mine empty as its silly to be asked for a password on single player, so If empty passwords are changed so that they are not allowed they shouldn't effect single player.

EDIT: Actually it would be nice to have the choice to require strong passwords in the server settings so that it can be optional on a per-server basis :D
Last edited by dannydark on Sat Jan 21, 2012 20:04, edited 1 time in total.
 

bwog
Member
 
Posts: 283
Joined: Wed Nov 30, 2011 14:09
Location: United States

by bwog » Sun Jan 22, 2012 02:12

dannydark wrote:EDIT: Actually it would be nice to have the choice to require strong passwords in the server settings so that it can be optional on a per-server basis :D

I hate the strong password things on websites, they always want you to have upper case, lower case, numbers AND punctuation. So unless this one is different, I'm totally against that idea.
 

User avatar
RAPHAEL
Member
 
Posts: 627
Joined: Tue Nov 01, 2011 09:09
Location: Earth

by RAPHAEL » Sun Jan 22, 2012 04:03

I agree there should be a config settings for servers to disallow empty passwords.. but don't bother requiring strong passwords except maybe minimum of 6 characters.
"Before you speak, ask yourself: Is it kind, is it true, is it necessary, does it improve upon the silence?"
My mods: http://goo.gl/n4kpn
(Currently Various, Industrial, Fakeblocks, Jail, MoarCraft, Christmas, Replicator, minetest dev installer for linux, bash mod installer, windows mod installer)
 

User avatar
JSonic
Member
 
Posts: 68
Joined: Fri Jan 13, 2012 17:48
Location: Suomi Finland

by JSonic » Sun Jan 22, 2012 06:23

I don't like so much this strong password thing. People should be able to choose their passwords themselves. -1
Stairs are cool!
Minetest-c55 for Puppy Linux
Minetest-c55 PPA: daily, stable
 

User avatar
Calinou
Moderator
 
Posts: 3157
Joined: Mon Aug 01, 2011 14:26
Location: Troyes, France
GitHub: Calinou
IRC: Calinou
In-game: Calinou

by Calinou » Sun Jan 22, 2012 13:07

Same. Just make a warning if you have an empty password and make the warning pop every time you connect with an empty password (unless you connect to a local server).
 

XCalibur54
Member
 
Posts: 51
Joined: Mon Oct 24, 2011 01:29

by XCalibur54 » Mon Jan 23, 2012 03:51

The main reason people have empty passwords is because they don't want to type in a password every time they join a server. It would help more if the client remembered the password. Of course, there should still be an empty password warning on the initial entry.
Moderator of redcrab's 0.4 server: http://c55.me/minetest/forum/viewtopic.php?id=606
 

User avatar
Jordach
Member
 
Posts: 4523
Joined: Mon Oct 03, 2011 17:58
Location: Blender Scene
GitHub: Jordach
IRC: Jordach
In-game: Jordach

by Jordach » Mon Jan 23, 2012 07:58

XCalibur54 wrote:The main reason people have empty passwords is because they don't want to type in a password every time they join a server. It would help more if the client remembered the password. Of course, there should still be an empty password warning on the initial entry.


Yes, this would be good.
viewtopic.php?f=10&t=19056 Solar Plains Dev Server
 

jn
Member
 
Posts: 106
Joined: Tue Jan 03, 2012 19:15

by jn » Tue Jan 24, 2012 23:58

(Not overly) quick and dirty server-side patch:
Code: Select all
commit 15d24d8b03003920dea15bd1f51dc6554ad6b30e
Author: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Date:   Wed Jan 25 00:43:32 2012 +0100

    server: disallow empty passwords (configurable)

diff --git a/src/defaultsettings.cpp b/src/defaultsettings.cpp
index 1e48183..f3e25ea 100644
--- a/src/defaultsettings.cpp
+++ b/src/defaultsettings.cpp
@@ -95,6 +95,7 @@ void set_default_settings(Settings *settings)
     settings->setDefault("default_privs", "build, shout");
     settings->setDefault("unlimited_player_transfer_distance", "true");
     settings->setDefault("enable_pvp", "true");
+    settings->setDefault("allow_empty_passwords", "false");
 
     settings->setDefault("profiler_print_interval", "0");
     settings->setDefault("enable_mapgen_debug_info", "false");
diff --git a/src/server.cpp b/src/server.cpp
index a0c8a00..101427b 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2016,6 +2016,17 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
         // Add player to auth manager
         if(m_authmanager.exists(playername) == false)
         {
+
+            // TODO: allow empty passwords in local games?
+            if(g_settings->getBool("allow_empty_passwords") == false &&
+                    password[0] == '\0')
+            {
+                infostream<<"Server: new player with empty password"<<std::endl;
+                SendAccessDenied(m_con, peer_id,
+                        L"Empty passwords are not allowed");
+                return;
+            }
+
             std::wstring default_password =
                 narrow_to_wide(g_settings->get("default_password"));
             std::string translated_default_password =
 

User avatar
JSonic
Member
 
Posts: 68
Joined: Fri Jan 13, 2012 17:48
Location: Suomi Finland

by JSonic » Wed Jan 25, 2012 18:05

jn wrote:(Not overly) quick and dirty server-side patch:

Can you tell how to apply this patch? I tried to copy the code and put it into a new file empty_pw.patch on my local minetest git folder. Then I run this command and that's what I get.
Code: Select all
$ git apply --check empty_pw.patch
fatal: corrupt patch at line 40

I have git version 1.7.0.4, OS is Puppy Linux. What is wrong?
Stairs are cool!
Minetest-c55 for Puppy Linux
Minetest-c55 PPA: daily, stable
 

User avatar
dannydark
Member
 
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Wed Jan 25, 2012 18:12

JSonic wrote:
jn wrote:(Not overly) quick and dirty server-side patch:

Can you tell how to apply this patch? I tried to copy the code and put it into a new file empty_pw.patch on my local minetest git folder. Then I run this command and that's what I get.
Code: Select all
$ git apply --check empty_pw.patch
fatal: corrupt patch at line 40

I have git version 1.7.0.4, OS is Puppy Linux. What is wrong?


Not sure whats wrong with the patch sorry (maybe wrong format? :S don't know), but you could just edit the server.cpp & defaultsettings.cpp files manually?
 

jn
Member
 
Posts: 106
Joined: Tue Jan 03, 2012 19:15

by jn » Wed Jan 25, 2012 18:15

The forum seems to corrupt tabulators (or it's Firefox). I uploaded the patch here: http://paste.opensuse.org/view/raw/23146175
 

User avatar
JSonic
Member
 
Posts: 68
Joined: Fri Jan 13, 2012 17:48
Location: Suomi Finland

by JSonic » Wed Jan 25, 2012 18:42

It doesn't help, I'll edit manually. Thank you. JSonic
Last edited by JSonic on Wed Jan 25, 2012 21:30, edited 1 time in total.
Stairs are cool!
Minetest-c55 for Puppy Linux
Minetest-c55 PPA: daily, stable
 

User avatar
redcrab
Member
 
Posts: 831
Joined: Tue Dec 13, 2011 13:45
Location: France

by redcrab » Wed Jan 25, 2012 20:02

jn wrote:The forum seems to corrupt tabulators (or it's Firefox). I uploaded the patch here: http://paste.opensuse.org/view/raw/23146175


thx .. the patch is applied on redcrab staging server (minetest.suret.net port 30001) and works as explained in this topic.
-- already existing player with empty password still have their empty password accepted..
-- new player can't have empty password by default. :)
Last edited by redcrab on Wed Jan 25, 2012 20:03, edited 1 time in total.
0.4 for serious builder click here
Dedicated Minetest redcrab server forum at http://minetestbb.suret.net

It's nice to be important but it is more important to be nice.
 

kahrl
Member
 
Posts: 236
Joined: Fri Sep 02, 2011 07:51
Location: Rös̓̇chenhof

by kahrl » Mon Jan 30, 2012 17:11

Added it to the wiki patchsets page so it won't be forgotten.
 

jn
Member
 
Posts: 106
Joined: Tue Jan 03, 2012 19:15
 

jn
Member
 
Posts: 106
Joined: Tue Jan 03, 2012 19:15
 

User avatar
dannydark
Member
 
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Sat Feb 11, 2012 20:59



Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.
 

jn
Member
 
Posts: 106
Joined: Tue Jan 03, 2012 19:15

by jn » Sat Feb 11, 2012 21:37

dannydark wrote:Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.

It's not all that easy to decide. People might start a world in single player mode and then use it for a public server, although one could argue that admins should just take care of what they do. I changed it to allow the local player to have an empty password.

Version 2: http://repo.or.cz/w/minetest-c55/jn.git/shortlog/refs/heads/empty_pass_v2

It might be nice to have a client-side warning when locally starting a new player with an empty password.
 

User avatar
dannydark
Member
 
Posts: 428
Joined: Fri Aug 12, 2011 21:28
Location: Manchester, UK

by dannydark » Sat Feb 11, 2012 21:43

jn wrote:
dannydark wrote:Nice work, although this patch shouldn't require people who just want to play locally (single player) to enter a password me thinks.

It's not all that easy to decide. People might start a world in single player mode and then use it for a public server, although one could argue that admins should just take care of what they do. I changed it to allow the local player to have an empty password.

Version 2: http://repo.or.cz/w/minetest-c55/jn.git/shortlog/refs/heads/empty_pass_v2

It might be nice to have a client-side warning when locally starting a new player with an empty password.


Nice I've updated the wiki with the new link, with regards to people starting single player worlds then using them for a public server I would have thought they would have copied it out of the single player directory into the server folder for that, then all they should need todo is update there account to use a password. But like you said this is down to the admins to do this.

I personally keep a backup of my server world which I sometimes use for single player but just remove the auth file so that a new one can be made with no password ^_^
Last edited by dannydark on Sat Feb 11, 2012 21:44, edited 1 time in total.
 

User avatar
ParaklataChotou
Member
 
Posts: 209
Joined: Sat Jun 18, 2016 17:09
GitHub: paraklatachotou
IRC: CareBearWhoCares
In-game: AutistCortana

Re:

by ParaklataChotou » Sat Aug 06, 2016 01:06

redcrab wrote:+100000 ... Hackers loves empty password
I vote for an option : forbid empty password + strong password with a regex/simple rule (min length, special character, digits etc..)

In my case, I would like that the players of my server could join with no need of passwords. It's a creative server. I've seen that there are so many users trying to join in into my server, but they don't know how to type a password "trying to joine the server empty password". Well, how can I enable that users can access to my server with no need of password?

ip: baruman.myddns.me
port: 30001
Visit my server: freextress.ddnsking.com 30002 . mobs, npcs, interesting places, pvp.
 

User avatar
Krock
Developer
 
Posts: 4412
Joined: Thu Oct 03, 2013 07:48
Location: Switzerland
GitHub: SmallJoker

Re: Re:

by Krock » Sun Aug 07, 2016 09:58

ParaklataChotou wrote:Well, how can I enable that users can access to my server with no need of password?

There was no older topic about this problem, right? (/ sarcasm)

Empty passwords are allowed by default. Revert the setting "disallow_empty_password" in the server's minetest.conf back to its default value:
Code: Select all
disallow_empty_password = false
Look, I programmed a bug for you. >> Mod Search Engine << - Mods by Krock - DuckDuckGo mod search bang: !mtmod <keyword here>
 

User avatar
ParaklataChotou
Member
 
Posts: 209
Joined: Sat Jun 18, 2016 17:09
GitHub: paraklatachotou
IRC: CareBearWhoCares
In-game: AutistCortana

Re: Re:

by ParaklataChotou » Sun Aug 07, 2016 14:11

Krock wrote:
ParaklataChotou wrote:Well, how can I enable that users can access to my server with no need of password?

There was no older topic about this problem, right? (/ sarcasm)

Empty passwords are allowed by default. Revert the setting "disallow_empty_password" in the server's minetest.conf back to its default value:
Code: Select all
disallow_empty_password = false

Thank you :)
Visit my server: freextress.ddnsking.com 30002 . mobs, npcs, interesting places, pvp.
 


Return to Feature Discussion



Who is online

Users browsing this forum: No registered users and 1 guest