Basically, if you wanted to protect some names, for example, your clan members names, so only they could use them, then you had to add them to admins.ini, and set rights to at least 1. This way, they couldn't execute commands, but their names were protected and only people knowing the password could use them.
This was also used as an admin authentication mechanism.
The problem with this mechanism was that you had to set CVar with your password with setu command, which sets a CVar as userinfo cvar. Every userinfo cvar is always sent by client during connection.
It wasn't secure because if you had your password set this way, then each server you were connecting to, could with high possibility capture the password and gain control over the server.
Also as own3mall stated in his thread, it wasn't flexible enough to always require admins to use same names and so on.
So now, you give a general login and password for administrators.
This way there can be 2 admins on the server, with different names, but using the same admin priviledges by loggin in with the same login and password.
But you may still want to have a feature of protecting names. Then you can use new commands to protect names in pretty the same fashion as it was with old Admin System.
So if you want to protect your admins name, add them to protected names.
They will have a protected name and still can use various admin priviledged logins and passwords.
I may add a whitelist, but in the end, please remember that there always has been a 500ms delay for RCon commands. We've removed the delay because hackers could freeze the RCon access.
Now we filter each kind of packet, but this shouldn't cause RCon freeze.
Also you will be properly listed by game search engines, even if you are currently under DoS/DDoS attack.
I've been told that there is a potential admins system security hole. I'll investigate this today, and if this is true, then there'll be an update available through auto-update system.
This way we'll also test how the auto-update system works.
However, it won't work if you set up sv_updatedelay to some big value. The default is 12, which means that patch will perform update check every 12 hours.
Please keep your logs, and check them to see if update process went fine.
my rcon program won't work correctly, because I can't send them as fast. You can test by doing this:
bind x rcon say "whatever"
then go in the server and hold down x
previous version were very fast
this version you can see a much longer delay
That's fine if it has to stay this way, I will just have to rewrite my program with a delay between, but other rcon programs may have the same problem.
![Razo[R]apiD is offline](images/statusicon/user-offline.png)
![Razo[R]apiD's Avatar](image.php?s=74db0746b83f8a85784f91c4fa5806e1&u=3&dateline=1275677155 "Razo[R]apiD's Avatar")
RC3 Additional Information
Reply With Quote
