Re: Localized password !?
- From: Josef Spillner <josef ggzgamingzone org>
- To: games-list gnome org
- Subject: Re: Localized password !?
- Date: Tue, 6 Mar 2007 09:03:10 +0100
Am Dienstag, 6. März 2007 03:17 schrieb Abel Cheung:
> That's why I'd suggest dropping them from translation, since they
> most probably look like random words, and most importantly, people
> are expected to change the password once they got their account.
There are two fully separate issues at hands. Let me explain.
The provided passwords will go awayy in the future. They're certainly cute and
in the beginnings of GGZ provided an easy way to create new accounts, but
from a security point of view they're unusual and most certainly unsafe as
well. The GGZ protocol already allows to transmit an initial password along
with the other registration data (login name, email address). Transmitting an
initial password will be mandatory in the future, and we will probably
integrate some password strength checker on the server.
The password encoding isn't specified anywhere right now. We believe that if
the GGZ protocol is UTF-8 encoded XML, it will arrive as XML as well, but no
encoding checking is done beyond what expat does by default. In the mainline
development tree, work is underway to allow for full Unicode usernames and,
in the process of integrating Unicode properly, we will also check the
passwords correctly so users will be able to use up to 16 or more full
Unicode codepoints (characters), which might be hashed before going into the
database, and we don't cut them in the middle.
For the GGZ 0.0.14 branch, I suggest to leave them untranslated for now. I
don't think we're going to merge back the Unicode changes, as they're very
disruptive.
Josef
--
Free online games for everybody: http://www.ggzgamingzone.org/
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]