Latest Posts

Topic: Website Login System

Shevonar
Joined: 2011-09-05, 21:28
Posts: 136
Ranking
At home in WL-forums
Posted at: 2012-03-25, 12:01

Not long ago someone complained about the several registrations and login names/passwords for website, game and launchpad (cannot find the post currently). I remember SirVer's answer was something like: launchpad is another website so it requires another account and the separate ingame password is for security. I think it would be nice to have a single password at least for Widelands website and game. To improve the security this password should of course be transmitted and stored (in config) encrypted instead of plain text as it currently is. To realize this some changes in the website and the game code are necessary.

To also include launchpad we could offer an OpenID login for the website, where you could use your launchpad OpenID. Ingame you will still need your Widelands login name and password.

I don't know how much work it is to implement these features, but I think they are nice to have and also improve security. I have not yet dug in the website code that deep to know how everything works. Another problem is that for multiplayer games the new and the old system have to run side by side for some time. There are many things to be considered and I am not sure if it is worth the effort, but I'd like to see something like that in the future.


Top Quote
SirVer
Joined: 2009-02-19, 15:18
Posts: 1439
Ranking
One Elder of Players
Location: Germany - Munich
Posted at: 2012-03-25, 13:39

Big Problem with encryption inside of widelands is that it means linking against a crypto library, i.e. a new dependency that we do not need for other things. Also there is always some hassle with crypto inside of software and shipping.

Writing our own crypto algorithm is out of the question. It is one of the first lessons you learn in each crypto course: do not invent or implement your own crypto algorithms.


Top Quote
Shevonar
Joined: 2011-09-05, 21:28
Posts: 136
Ranking
At home in WL-forums
Posted at: 2012-03-25, 13:48

To drop the md5 code which is currently bundled (https://bugs.launchpad.net/widelands/+bug/536162) we need a crypto library anyway.

Concerning the OpenID support I found a blueprint: https://blueprints.launchpad.net/widelands-website/+spec/openid-support. It doesn't really say much though.


Top Quote