Verify in game identity

Requests for features in the spring code.

Posts
Posts: 63
Joined: 02 Oct 2007, 04:00

Post by Posts »

name + player number is not verified in game.

idea for implementation:
random numbers: the host lobby client or lobby server generates a random number for each player that joins; each random number is shared by 1 client and the host. The number acts as a temporary password for each client. The host lobby client puts all numbers into its start script; other lobby clients put their single numbers into their start scripts.

attacks: (I've only done a little testing between two of my computers)

1. players can insert special characters in front of their names to make it more difficult to get kicked; there is a second kick command that uses a number instead of a name

2. players can change name to someone who isn't even there, and continue playing as usual, grief

3. player waits around as spectator, waits for a player to fail to connect before the commanders spawn, reconnects with that player's identity, grief

4. with just the IP and port number you can connect to passworded games you haven't even joined in the lobby, pick a blank name and sort of go invisible or chat spam, prob will spam sync errors, you could do this long after you're banned from the lobby server.

5. use a modified start script on another computer/etc, and use one of the previous attacks, not even a hint that it's you.

6. don't know what happens if you pick the player number of someone who is already connected; if you pick the host's identity I think it causes you to host your own game.

7. able to use a player number that wasn't defined before the game started, desync

8. kicked player can keep rejoining before the commanders spawn.

------

a little off topic: I suspect (just an educated guess) that the current ban system doesn't take advantage of the difficulty of tunneling UDP traffic; I could proxy the lobby TCP to get around a ban, and connect with UDP as usual
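
The per-player temporary password proposed in the post, sketched as an added example; this is not Spring or lobby code, and every name in it (`issue_tokens`, `client_proof`, `Host`) is hypothetical. It goes one step beyond the post: the client answers a host nonce with an HMAC instead of sending the number itself, so the number never crosses the UDP link in the clear. It assumes the lobby delivers each start script only to its own player.

```python
import hashlib
import hmac
import secrets

def issue_tokens(players):
    # Lobby side: one unpredictable token per player number, created at join time.
    return {num: secrets.token_hex(16) for num in players}

def client_proof(token, nonce, num, name):
    # Client side: bind the token to this connection attempt and claimed identity.
    msg = b"%s|%d|%s" % (nonce, num, name.encode())
    return hmac.new(token.encode(), msg, hashlib.sha256).hexdigest()

class Host:
    def __init__(self, players, tokens):
        self.players = players    # player number -> name, from the host's start script
        self.tokens = tokens      # player number -> token (only the host holds all)
        self.connected = set()
        self.kicked = set()

    def challenge(self):
        return secrets.token_hex(16).encode()   # fresh nonce per connection attempt

    def admit(self, nonce, num, name, proof):
        # nonce must be the one this host issued for this connection.
        if num not in self.players:
            return "reject: undefined player number"
        if num in self.kicked:
            return "reject: kicked"
        if num in self.connected:
            return "reject: already connected"
        if name != self.players[num]:
            return "reject: name mismatch"
        expected = client_proof(self.tokens[num], nonce, num, name)
        if not hmac.compare_digest(expected, proof):   # constant-time comparison
            return "reject: bad token"
        self.connected.add(num)
        return "accept"

    def kick(self, num):
        self.connected.discard(num)
        self.kicked.add(num)
```

Each rejection branch lines up with an item in the list: undefined player numbers (7), rejoining after a kick (8), claiming a number that is already connected (6), renaming (2), and taking another player's slot or connecting without ever joining in the lobby (3, 4).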