RC login with account/communityname
 

Could it be made so you can use the external RC with your community name or email? The same thing works on the client, would only make sense to have it work for RC.

On a related note, do you need to add the community name or account to staff= to allow access?

Community name.

That should be changed to account. Community names are essentially changeable and it's a security flaw (even if a small one).

Sorry for jacking your thread btw

That's been requested for years now. It's stupid that you have to add community name to serveroptions, but you set rights on the account name.

How is it a security flaw?

They are changeable so if you have "SuperMan" in your staff= and he gets a change, and then someone else gets a change to "SuperMan", they have RC.

These SuperMen are going to have the same IP/PCID?

Rights are set via account, therefore the "fake" SuperMan would have *.*.*.* as his IP.

Then he'd have to convince the staff team (that are apparently unaware that SuperMan1 had his community name renamed?) and do it before SuperMan1 notices. Lmao.. I couldn't see this happening in the real world (ever) but I see your point.

In general security holes shouldn't be left open due to a low probability of them being exploited, but yes, it is unlikely.

that's what IP Range is for, to prevent such thing.

:asleep:

Major issue with RC & communityname/account names:

/openrights communityname doesn't work. You have to add their communityname to server options as staff, but then to open their rights you have to do /openrights Graal######. It's a bit annoying to do.

Indeed. Also see this thread.