Re: [Nel] A small document for your consumption

[Thierry Mallard]

On Fri, Apr 13, 2001 at 11:34:53AM +0200, Vincent Archer wrote:
> Steps
> -----
> 
> 1: The client initiates a connection to the login service, using the supplied
>    IP and port from the configuration file, with the help of the DNS for IP
>    resolution.
> 
>    Note: DNS spoofing or configuration file modification can lead to LS
>    spoofing and hacking of the login/password information of the client.
>    However, DNS is needed for flexibility of the login service location.

Possibly this can be partially avoided by providing your own DN Server's IP ?
(dunno precisly how the client would connect to it, but still...)

> 2: The client submits its login, password, and system capabilities.

In plaintext ?

> 3: The LS checks the login/password validity, and builds the list of all
>    available worlds according to account information and current system
>    settings. This list contains world names and the IP for the WS of that
>    world.

Maybe the use of challenges would be more secure, but i'm not a specialist in
this matter :-(

> 4: The client selects the world it wants to log on, and submits the IP address
>    of its world service to the LS.

Would it be good if the client could select several worlds ?
(then the negociation following could use this to get a good WS)

> [...]
> 10: The client disconnects from the LS.
> 
> 11: The client initiates a connection to the indicated FES.

I wonder if it couldn't be more interesting if the client disconnects from LS
_after_ having initiated the connection to the FES. Then, if something goes
wrong, the client could goto 4 directly.


Best regards,

-- 
Thierry Mallard              | http://vawis.net
GnuPG key on wwwkeys.pgp.net | http://erlang-fr.org (new)
key 0xA3D021CB               | http://worldforge.org