AlliedModders


mercury 07-21-2006 01:36

smart setinfo _pw pass reset (unauthorized access)
 
ok, i have an idea about a smart reset of setinfo _pw on users' machines.
you know setinfo _pw "pass" sits in the user's config.cfg until you clear it manually, so you can fall victim to unauthorized access, especially when you are not the only person using your computer.

i'm new to amxx so my code doesn't work. included just to show examples.

i suggest the following:
1. on connect, right after client_authorized(), we should save all users' passwords in an array.
2. then clear them from the users' configs:

Code:
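new user_pwds[33][32]   // one password slot per player id (1..32)

public client_authorized(id) {
    if (!is_user_bot(id)) {
        // save pass: read the client's current _pw value
        get_user_info(id, "_pw", user_pwds[id], 31)
        // clear setinfo on the client
        client_cmd(id, "setinfo _pw ^"^"")
    }
    return PLUGIN_CONTINUE
}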

3. right after the timelimit has run out we should set those setinfos back:

Code:
new players[32], num
get_players(players, num)
for (new i = 0; i < num; i++) {
    // players[] holds the player ids, so index through it
    client_cmd(players[i], "setinfo _pw ^"%s^"", user_pwds[players[i]])
}

it's all ok in theory but i don't have the knowledge to build this one from the beginning to the end. so any advice would be much appreciated. ty.

p.s.: on the whole i think this functionality should be included in amxx by default (maybe as an optional cvar) since it brings a useful security improvement.

mercury 07-21-2006 01:38

Re: smart setinfo _pw pass reset (unauthorized access)
 
OMG! move this one here http://forums.alliedmods.net/forumdisplay.php?f=11 pls. sorry. delete this message then please.

Freecode 07-21-2006 01:39

Re: smart setinfo _pw pass reset (unauthorized access)
 
if u want to make it hard to access write some type of encoder or save it into binary file instead of cfg.

mercury 07-21-2006 01:46

Re: smart setinfo _pw pass reset (unauthorized access)
 
Freecode, yeah, but anyone knowing the principles can still get your config easily. with the scheme stated above we can prevent unauthorized access altogether.

Freecode 07-21-2006 01:55

Re: smart setinfo _pw pass reset (unauthorized access)
 
using your method won't work. You still gotta save it somewhere while the user isn't playing. If you want something really hard core you would md5 the password ;]

mercury 07-21-2006 02:10

Re: smart setinfo _pw pass reset (unauthorized access)
 
Quote:

using your method won't work. You still gotta save it somewhere while the user isn't playing.

why? when the user isn't playing we shouldn't save anything at all. if he has disconnected, on retry he will have to enter the password again, and that is not a problem since if you are disconnecting you have probably decided to leave. (anyway you can still re-enter the pass if you've changed your mind)

Freecode, could you please move this topic to the appropriate forum, or should i create a new one there (and trash this one)?

mercury 07-21-2006 02:17

Re: smart setinfo _pw pass reset (unauthorized access)
 
the md5 hash still sits in the user's config, so anyone can steal it from there and use it themselves. the purpose of this plugin is to clear any traces of the user's password from the config file and at the same time to allow him to proceed to the next map without any kicks or password prompt, as we know that if the user is connected > he is authorized to do that (he has entered the password to enter), and we can safely set his pass back in his console.
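
Added example (not code from this thread, and not AMXX code): a small Python model of the argument in the post above, that an MD5 kept in config.cfg is as reusable as the plaintext, while a value wiped from the config after authorization is not there to copy. `Server`, `server_accepts` and `stolen_copy_authenticates` are hypothetical names, and the password is a constructed sample.

```python
import hashlib
import hmac

ADMIN_PASSWORD = "s3cret-example"  # constructed sample value


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def server_accepts(received, hashed):
    """Server-side check of the _pw value a client sends on connect."""
    expected = md5_hex(ADMIN_PASSWORD) if hashed else ADMIN_PASSWORD
    return bool(received) and hmac.compare_digest(received, expected)


class Server:
    """Hypothetical model of the proposed plugin: _pw is kept only in server memory."""

    def __init__(self):
        self.cache = {}  # player id -> password, for the current session only

    def client_authorized(self, pid, config):
        ok = server_accepts(config.get("_pw", ""), hashed=False)
        if ok:
            self.cache[pid] = config["_pw"]  # step 1: remember it
            config["_pw"] = ""               # step 2: wipe it from the client config
        return ok

    def before_map_change(self, pid, config):
        if pid in self.cache:                # step 3: restore so the reconnect passes
            config["_pw"] = self.cache[pid]

    def client_disconnect(self, pid):
        self.cache.pop(pid, None)            # nothing is kept for players who left


def stolen_copy_authenticates(scheme):
    """Does a copy of the admin's config.cfg, taken at rest, get past the server?"""
    hashed = scheme == "md5"
    config = {"_pw": md5_hex(ADMIN_PASSWORD) if hashed else ADMIN_PASSWORD}
    if scheme == "session-cache":
        Server().client_authorized(1, config)  # admin connected once; _pw was wiped
    copied = dict(config)                      # what someone at the keyboard can read
    return server_accepts(copied["_pw"], hashed)
```

In this model the password is back in the client's config between `before_map_change` and the next `client_authorized`, and the server holds it in memory for the whole session.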

Freecode 07-21-2006 03:56

Re: smart setinfo _pw pass reset (unauthorized access)
 
Ok. so you remove his password from the config files. Then when he disconnects what do you do with the password? You write it back to the config?

mercury 07-21-2006 04:34

Re: smart setinfo _pw pass reset (unauthorized access)
 
Freecode, when he disconnects we do nothing. setinfo _pw is still nulled (we cleared it on client_authorized) so no-one can steal our pass.

Freecode 07-21-2006 16:58

Re: smart setinfo _pw pass reset (unauthorized access)
 
And what happens when a server goes off for some reason, or even crashes? Or even changes map when that user is not in the server?


All times are GMT -4.