[Nel] A small document for your consumption
Thierry Mallard
thierry@mallard.com
Mon, 16 Apr 2001 21:59:43 +0200
On Fri, Apr 13, 2001 at 11:34:53AM +0200, Vincent Archer wrote:
> Steps
> -----
>
> 1: The client initiates a connection to the login service, using the supplied
> IP and port from the configuration file, with the help of the DNS for IP
> resolution.
>
> Note: DNS spoofing or configuration file modification can lead to LS
> spoofing and hacking of the login/password information of the client.
> However, DNS is needed for flexibility of the login service location.
Possibly this can be partially avoided by providing your own DN Server's IP ?
(dunno precisly how the client would connect to it, but still...)
> 2: The client submits its login, password, and system capabilities.
In plaintext ?
> 3: The LS checks the login/password validity, and builds the list of all
> available worlds according to account information and current system
> settings. This list contains world names and the IP for the WS of that
> world.
Maybe the use of challenges would be more secure, but i'm not a specialist in
this matter :-(
> 4: The client selects the world it wants to log on, and submits the IP address
> of its world service to the LS.
Would it be good if the client could select several worlds ?
(then the negociation following could use this to get a good WS)
> [...]
> 10: The client disconnects from the LS.
>
> 11: The client initiates a connection to the indicated FES.
I wonder if it couldn't be more interesting if the client disconnects from LS
_after_ having initiated the connection to the FES. Then, if something goes
wrong, the client could goto 4 directly.
Best regards,
--
Thierry Mallard | http://vawis.net
GnuPG key on wwwkeys.pgp.net | http://erlang-fr.org (new)
key 0xA3D021CB | http://worldforge.org