X-Base Bugtracking

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
000897xShunterxShunter featurespublic2012-08-26 23:392012-08-27 16:21
ReporterxOR 
Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Versionv0.2 
Target Versionv0.3Fixed in Version 
Summary000897: !lockaccount trigger to lock account of other admins
Descriptionin a typical OpenTTD community only a few admins will have access to the admin account configuration. now if the password of an admin account gets exposed or an admin account even got hacked it would be a disaster, if none of the admins with necessary access to change the account password would be online at the moment.

therefore in case of emergency any admin should be able to lock the account of another admin. a new "!lockaccount <Account>" command should be introduced that enables this emergency account lock for all admins.
Additional Informationprobably trial admins shouldn't have the permission but in the end it's configurable anyway, so communities can decide on such details for themselves. also, as usual, it's configurable whether that command is available at all.
TagsNo tags attached.
SVN revision
Attached Files

- Relationships

-  Notes
User avatar (0000499)
ST2 (reporter)
2012-08-26 23:59

well, lets hope that who use hacked admin credentials don't lock other admins accounts :P
I was thinking on changing admin client too, to send via console: say_client 1 "!alogin username password"
But the result is the same, a private message to server. Dumb me... ofc, say_client 1.... duh (wake up ST2 :)
User avatar (0000500)
xOR (administrator)
2012-08-27 00:06

well, lets hope that who use hacked admin credentials don't lock other admins accounts :P <-- that's a valid point, but if all accounts get locked it's still better than one account that could get used to just ban each and everyone. also the chances are lower that someone who got hold of an admin account knows the command or finds out about it before any other admin locks his account.

about the other thing: i have also thought about but without server patch i don't see any way to hide it from the screenshots. the only thing i could do is disallow screenshots for X seconds after an admin login was done (X being the time chat messages need to disappear). but it won't be easy to implement, so i am still thinking there must be a better way.
wish we could just disable the chat messages but it's not possible...
User avatar (0000501)
ST2 (reporter)
2012-08-27 16:21
edited on: 2012-08-27 16:21

maybe to prevent that a hacked admin credentials lock all other admins accounts could be: a admin account that lock more then X (maybe 2 or 3) admin accounts in a row, gets auto locked itself. (only a ideia :)



Copyright © 2000 - 2011 MantisBT Group
Time: 0.0942 seconds.
memory usage: 7,481 KB
Powered by Mantis Bugtracker