[Question] Rate limit password entry for multiplayer #8339
Comments
|
If you restart a network server, the company passwords are reset. make sure to give new ones, or someone else may log in and mess with your company. |
|
Thanks. I did issue a new password. |
|
Does OpenTTd rate limit password attacks ? |
|
I don't think OpenTTD rate limits password entry, but I think it would be a good idea to start rate-limiting password entry. The rate limit should be able to be configured at least in |
|
I tested further but now cannot figure out how my old trains get restarted, it does not seem to be from loading a save game into multiplayer mode. |
TinCanTech
changed the title
|
Changed topic. |
|
Should there be a new message when a client tries to join, but has exceeded the rate limit in doing so? For example, "You have attempted to join [the game] too many times. Please wait …" |
|
Is there a point in doing so though? If they are typing passwords by hand, then they will never be fast enough to be a threat to anything. If they are using some automated script, they would be able to circumvent this by starting a new client (or writing the packets so that it looks like it's from a new client), and you'd have to resort to rate limits based on the client IP address. |
|
We are in the process of replacing passwords with something more secure: #8420 This would resolve this ticket, I think. |
TrueBrain
added
bug
Version of OpenTTD
1.9.3
Expected result
Actual result
Steps to reproduce
I have four 520 year old trains which i keep for posterity. Upon restarting from a full system reboot these four trains had been restarted on their original orders. One was subsequently auto-upgraded. Some kind of initial variable maybe.
The text was updated successfully, but these errors were encountered: