Freeciv - Patches: patch #3386, fcdb: move password policy from...

patch #3386: fcdb: move password policy from server to Lua script

Submitted by:  Jacob Nevins <jtn>
Submitted on:  Sun Jul 8 14:19:08 2012  
Category: general
Priority: 5 - Normal
Status: Duplicate
Privacy: Public
Assigned to: Marko Lindqvist <cazfi>
Open/Closed: Closed
Planned Release:
Contains string changes: None

Sat May 13 11:40:53 2017, comment #2:

Handled at hostedredmine:

Marko Lindqvist <cazfi>
Project Administrator
In charge of this item.
Sun Jul 8 14:29:52 2012, comment #1:

> The script would probably also need access to an MD5 and possibly
> other hash functions, but that should be achievable.

Since I've had a quick look: MD5 is not in the Lua standard library, but there's a third-party implementation.
However, it also comes with 56-bit DES. We don't need it, but if we include it, are we going to start having to faff with export control?
We could include it but chop out the DES (and provide a --use-system-lua-md5 for Debianistas).
Alternatively we could expose the current C implementation, but that only exists in the server for auth anyway, and getting rid of it would remove a warning (bug #18872).

Jacob Nevins <jtn>
Project Administrator
Sun Jul 8 14:19:08 2012, original submission:

Currently, all of the password policy is buried in the Freeciv server code, but it seems like something a server operator might well want to customise. For instance, the following are hardcoded in is_good_password():

  • Minimum length 6 characters
  • Restrictions on characters to printable and not certain kinds of punctuation
  • The server can enforce a minimum number of capital or numeric characters, but right now it doesn't and requires a recompile to do so.

It seems to me that it would be better to move this sort of policy out from is_good_password() etc into database.lua where it can be customised.

(This would mean the script handling plaintext passwords rather than MD5 hashes, but I'm fine with that. The script would probably also need access to an MD5 and possibly other hash functions, but that should be achievable.)

(Other aspects like the number of retries -- currently 3 -- could in theory be customisable, but that would require more state in the script.)

Jacob Nevins <jtn>
Project Administrator
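
A sketch of the kind of operator-editable policy check the submission proposes for database.lua, as an added example that is not Freeciv's code. The function name, the policy table and the forbidden-punctuation set are assumptions (the post does not list the characters); the minimum length of 6 is the value the post gives.

```lua
-- Added illustration, not Freeciv code; every name here is hypothetical.
local policy = {
  min_length = 6,   -- the minimum the post says is hardcoded
  min_upper  = 0,   -- capitals/digits: enforceable, but off by default
  min_digits = 0,
  -- Assumption: the post does not say which punctuation is rejected.
  forbidden  = "[|%%\"',*<>]",
}

-- Number of characters in s matching the Lua character class.
local function count(s, class)
  local _, n = s:gsub(class, "")
  return n
end

-- Returns true, or false plus a reason that can be shown to the user.
local function check_password(pw, p)
  p = p or policy
  if type(pw) ~= "string" then
    return false, "password must be a string"
  end
  if #pw < p.min_length then
    return false, ("need at least %d characters"):format(p.min_length)
  end
  -- Printable ASCII only: rejects control bytes and bytes above 126.
  if pw:find("[^ -~]") then
    return false, "non-printable character"
  end
  if pw:find(p.forbidden) then
    return false, "forbidden punctuation"
  end
  if count(pw, "%u") < p.min_upper then
    return false, ("need at least %d capital letters"):format(p.min_upper)
  end
  if count(pw, "%d") < p.min_digits then
    return false, ("need at least %d digits"):format(p.min_digits)
  end
  return true
end

-- A stricter operator policy, run over constructed sample passwords.
local strict = { min_length = 6, min_upper = 1, min_digits = 1,
                 forbidden = policy.forbidden }
for _, pw in ipairs({ "abc", "hunter2hunter", "bad|Pass1", "Tab\t1nside",
                      "Str0ngEnough" }) do
  local ok, why = check_password(pw, strict)
  print(("%q"):format(pw), ok and "accepted" or ("rejected: " .. why))
end
```

Because the check sees the plaintext password, as the submission accepts, it has to run before any hashing and should never log the value it rejects.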



Depends on the following items: None found

Items that depend on this one: None found


Date | Changed By | Updated Field | Previous Value => Replaced By
Sat May 13 11:40:53 2017 | cazfi | Status | None => Duplicate
 | | Assigned to | None => cazfi
Sat May 13 11:40:52 2017 | cazfi | Category | None => general