Re: Localized password !?

[Josef Spillner <josef ggzgamingzone org>]

Am Dienstag, 6. März 2007 03:17 schrieb Abel Cheung:
> That's why I'd suggest dropping them from translation, since they
> most probably look like random words, and most importantly, people
> are expected to change the password once they got their account.

There are two fully separate issues at hands. Let me explain.

The provided passwords will go awayy in the future. They're certainly cute and 
in the beginnings of GGZ provided an easy way to create new accounts, but 
from a security point of view they're unusual and most certainly unsafe as 
well. The GGZ protocol already allows to transmit an initial password along 
with the other registration data (login name, email address). Transmitting an 
initial password will be mandatory in the future, and we will probably 
integrate some password strength checker on the server.

The password encoding isn't specified anywhere right now. We believe that if 
the GGZ protocol is UTF-8 encoded XML, it will arrive as XML as well, but no 
encoding checking is done beyond what expat does by default. In the mainline 
development tree, work is underway to allow for full Unicode usernames and, 
in the process of integrating Unicode properly, we will also check the 
passwords correctly so users will be able to use up to 16 or more full 
Unicode codepoints (characters), which might be hashed before going into the 
database, and we don't cut them in the middle.

For the GGZ 0.0.14 branch, I suggest to leave them untranslated for now. I 
don't think we're going to merge back the Unicode changes, as they're very 
disruptive.

Josef

-- 
Free online games for everybody: http://www.ggzgamingzone.org/