The auth/record system needs a total rewrite and it would be great to use the builtin mm module introduced in wsw 1.0.
Mostly for security concerns:
No more storing pw's in plaintext in the db
If a malicious gametype knows rs_authField_Name/Pass (not that hard to guess :S) then they have access to players' credentials.
Our only line of defense against SQL injection is player name restrictions (backticks and char length)
We use MD5 as a hashing algorithm (haven't checked what mm module uses, but md5 is not secure) to encrypt server<->db communications, afaik client<->server is unencrypted.
We could remove mosquitto and libmysql (nothing against them, just seems unnecessary)
I haven't read up on what mm exposes to the gametype, we may need to extend it for checkpoints and other race specific things. This is a long term goal and I'm sure vic would be willing to consider merging any reasonable changes to client we need.
Floor is open for discussion on next steps, again long term goal.
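
To make the plaintext-password and SQL-injection concerns above concrete, here is an added example (not code from this project or from the post's author). It assumes an in-memory sqlite3 table standing in for the MySQL record db; the table, the function names and the 32-character name limit are hypothetical.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)

def open_db():
    # Constructed stand-in for the record database (the real system uses MySQL).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE players (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def name_allowed(name):
    # Hypothetical form of the name restriction: no backticks, limited length.
    return "`" not in name and len(name) <= 32

def hash_pw(password, salt):
    # Slow, salted KDF: a leaked table does not hand out usable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(db, name, password):
    salt = os.urandom(16)  # unique per player
    db.execute("INSERT INTO players VALUES (?, ?, ?)",
               (name, salt, hash_pw(password, salt)))

def lookup_concat(db, name):
    # 'Before': the name filter is the only defence and the name is pasted into the SQL.
    if not name_allowed(name):
        return []
    return db.execute("SELECT name FROM players WHERE name = '" + name + "'").fetchall()

def lookup_param(db, name):
    # 'After': the driver binds the name as data, so quotes cannot alter the query.
    return db.execute("SELECT name FROM players WHERE name = ?", (name,)).fetchall()

def verify(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM players WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(row[1], hash_pw(password, row[0]))
```

A name made only of quotes and keywords passes a backtick-and-length filter, which is why the bound-parameter lookup matters even when the filter stays in place.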