--- Julien Pierru wrote: > After a few month of testing the tracker for flights on CVS MP servers > has > proven quite reliable. > I think it would be a great feature to be made available to the entire > FG > community. However with a production use comes the problem of positively > identifying a user on a MP server, so that no 2 users can have the same > callsign.
Does the MP server code not currently handle this and reject the second user? > So KoverSrac and I think that an authentication system would be useful. > Authenticated users could have their callsign protected and have their > flights tracked (for those who don't know what I am talking about visit: > http://fgfs.i-net.hu ). > > A few questions arise, first what do you guys think about an > authentication > system, second what would be the best way of implementing it within FG > and > third would it be limited to be used by the tracking system or as a way > of > moderating the mp servers. I think any authenication system must be a) optional b) easy to use. While setting oneself up for MP is fairly trivial, it does require a bit of effort on the part of the user, and some people find it a bit challenging. Anything we do make this more difficult will reduce take-up and exclude some newbies. So any authentication mechanism should be as easy-to-use as possible. Secondly, I'm not sure such a system should be mandatory. For example, if I'm running a MP server in an enclosed environment with a resticted set of clients, say a museum, the overhead of an authentication mechanism is more hassle than it is worth. So, I think any authentication mechanism should be optional on the server at least. So, here's a modest proposal: 1) Two classes of user: a) Users who have accounts on an LDAP directory, DB, whatever. b) Guests, who don't. 2) Account holders have a key generated based on their call-sign (*). This is transmitted with the MP position data. The MP server uses it to authenticate the user. MP server doesn't need to check against the LDAP directory. The MP server provides a simple cli to generate a key for a given call-sign, but I guess it'll simply be some hash or PKI encrypted value. 3) Guests call-signs are prefixed with, say, "G", or something that account holders cannot choose. If guests call-signs collide, either the MP server can resolve it, or possibly we don't care and can handle two users with the same call-sign on the server? -Stuart * OK, so this isn't secure (you can snoop the MP packets) or time-stamped. I'm not sure I care enough. ___________________________________________________________ The all-new Yahoo! Mail goes wherever you go - free your email address from your Internet provider. http://uk.docs.yahoo.com/nowyoucan.html ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel