Joined: Thu Apr 18, 2002 11:04 pm
Posts: 9239
Location: Seattle
|
|
Quake-engine servers have a bug that allows for the server.cfg (and any other configuration file) to be sent to any client that asks for it. In doing this, the client can easily learn your rcon password.
The good news is that a workaround is very simple. We can set your server's command line up so that it executes a configuration file like serverADKJAGHYU1213215.cfg -- with random letters and numbers making it into a sort of password of its own, and which clients won't be able to guess and download.
This workaround is made possible by the fact that clients can't get a list of files on the server; they can just request specific files by name. Using an unguessable configuration file name ensures that your file can't readily be snooped.
|
|
Login
Register
FAQ
Search
