Inspite of the recent hacking of dave's account, You should make a new plugin that requires all people with worldedit to enter a password ingame before we use any worldedit or staff commands so stolen accounts cant do what happened today. Then add the worldedit password to the censor list to prevent us from acidently saying it. (and deop everyone, find a way to elimiate the need for op build in spawn for staff)
Things I've build or worked on and want to show off!
/Warp spiral (and) /Warp spiral 2
There are plugins like this but require everyone to create an account, thats what i think we should do make everyone make an account so anyone who hacks an account like daves wouldnt know the password and cant move or anything. This will also hopefully stop any griefers using the excuse of "my little brother was using my account"
"Your opinions and thoughts affect yourself, Your actions affect others"
"Just stop, its just sad to watch you fail at this"
"If your going to insult me, at least spell my name right next time kid"
Sounds like a good idea, but couldn't ppl just possibly hack this as well? Probably not as easily though. But there probably needs to be things done to bukkit or w/e, or the main minecraft multiplayer to prevent stuff like this better.
After 5 consecutive failed attempts in (x) amount of time, the account in question is perma-banned until their identity can be confirmed.
Since OP's are exteremely well-known to Pwego, I'd go so far as to say that only Pwego could un-ban said account and it would be up to Pwego's discretion as to verifying the account is actually in control of it's owner.
A plugin which requires a password before using a flexible set of commands, or one which requires everyone to use a password to log in to pwegoserver and which would most likely ecause even more lag due to the size the associated datafile would become and annoy everyone to hell? (excluding AuthDB, I have great respect for those guys!)
NB. linking to the plugin would make scoping it out a bit easier :P
love the idea but it might be hard to impliment ingame if its entered in wrong it should also send a notifcation the the server controll panel about the failed password attempt but this would be easy to break if an op/admin chooses an easy password or is lazy and picks one thats the same as there minecraft account password (Case and point someone i know who likes something a bit too much) (he knows who he is but i have never seen him on the forums before)
Owner and sole creater of Atlantis
-Midorian achipelago- project leader/manager
my net derped
love the idea but it might be hard to impliment ingame
Nah, not really ^^
if its entered in wrong it should also send a notifcation the the server controll panel about the failed password attempt
There's a server control panel? Should be feasible, but don't know how it gets messages from minecraft :P I guess it strips from the logger?
Rock Geek wrote
but this would be easy to break if an op/admin chooses an easy password or is lazy and picks one thats the same as there minecraft account password (Case and point someone i know who likes something a bit too much) (he knows who he is but i have never seen him on the forums before)
Isn't too hard to add some simple password rules - must be >= 8 chars, must have at least 1 symbol etc., and just hope they aren't stupid enough to re-use their minecraft password -.-
Erm, why? the main use for databases is dealing with high volume ACID applications at a (usually) slower speed than flatfile. As we would probably have at most ?20? entries, why add a maginally slower plugin? -.-
meh... I'd just md5 the password and username and store it in a data file.
Don't need to waste MySQL calls for this. What I would do is give 3 tries then lock that user from trying again until we remove his name from a black list.
How I would do it is to intercept everything starting with // and the couple of single / from the command list that could be harmful. At first use, it prompts them to enter the password. Then, if they haven't used any commands for awhile (say 15min) it prompts them again. Also prompts at each login.
But if something already exists we'll just use that.
ZB, Admin, Software developper
PLANEMINECRAFT SIGN Y U NO UPDATE?!?