[quake3] Re: cl_consoleHistory stores passwords in q3config.cfg
Erik Kloppenburg
kloppenburg at snt.utwente.nl
Sat Mar 31 15:26:19 EDT 2007
Tim Angus wrote:
> A system specific generated file should not be being sent to anyone
> else. It's better to write config files separately for things like
> scripts or specific sets of key bindings.
In the entire Quake 3 community it is very common practice to share
configs with each other. 'Normal' users don't think about what
consequences this can have and usually it has none. The risk of
something happening is much higher thanks to this console history.
Even if you think people shouldn't do it, it's still the reality that
they do and it would be wise to take this into account.
> Regardless, the password systems in Q3 are hardly a pantheon of
> security. Passwords are input and broadcast in cleartext, they really
> don't hold very much value. Therefore it's really pretty questionable
> whether implementing special cases is sensible where it is only to
> protect information that is already insecure.
As I said: config sharing is a very common happening. Sniffing someone's
packets is an entirely different area.
More information about the quake3
mailing list