Zach, make a new plugin - Ingame login

classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Zach, make a new plugin - Ingame login

Pitfallingpat
Inspite of the recent hacking of dave's account, You should make a new plugin that requires all people with worldedit to enter a password ingame before we use any worldedit or staff commands so stolen accounts cant do what happened today. Then add the worldedit password to the censor list to prevent us from acidently saying it. (and deop everyone, find a way to elimiate the need for op build in spawn for staff)
Possible?
Things I've build or worked on and want to show off!
/Warp Circlecastle
/Warp worldsphere
/Warp spiral (and) /Warp spiral 2
/Warp Impossible
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

Pwego
Administrator
+1
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

Devastator2000
Best idea evar.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

EviiL
In reply to this post by Pitfallingpat
There are plugins like this but require everyone to create an account, thats what i think we should do make everyone make an account so anyone who hacks an account like daves wouldnt know the password and cant move or anything. This will also hopefully stop any griefers using the excuse of "my little brother was using my account"
[Vip3]

Me:
"Your opinions and thoughts affect yourself, Your actions affect others"
"Just stop, its just sad to watch you fail at this"
"If your going to insult me, at least spell my name right next time kid"

http://metrikdesigns.deviantart.com/
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

LARPADARP
In reply to this post by Pwego
so pwego are we adding it ingame then? it works on another server i go on.
"It's not who i am underneath, but what i do defines me…"

                          -Batman
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

Hypuhrr
Administrator
@EviiL No, we can't make everyone use that horrid plugin that makes you "register" your account.  This is only for arch+ with cuboid powers.

@LARP you aren't thinking of this same plugin we are talking about.  This one isn't made yet.


My thoughts, it's a good idea.
Coalition of Builders founder and admin. [Admin]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

MoseThis
In reply to this post by Pitfallingpat
Sounds like a good idea, but couldn't ppl just possibly hack this as well? Probably not as easily though. But there probably needs to be things done to bukkit or w/e, or the main minecraft multiplayer to prevent stuff like this better.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

Evitinia
In reply to this post by Pitfallingpat
This really seems like a good idea, maybe also want to take that for my own server when its done :P And hopefully then, the griefing would become less that annoying
http://h8.abload.de/img/p130711_15.030001mhj0.jpg For those who can get it!^^
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

NightmareFH
In reply to this post by MoseThis
Add this:

After 5 consecutive failed attempts in (x) amount of time, the account in question is perma-banned until their identity can be confirmed.

Since OP's are exteremely well-known to Pwego, I'd go so far as to say that only Pwego could un-ban said account and it would be up to Pwego's discretion as to verifying the account is actually in control of it's owner.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

NightmareFH
This post was updated on .
In reply to this post by Pitfallingpat
Brainstorming:

How would this work?

One password for WorldEdit in general, or seperate passwords for each op?

Password Request when...?

  1. Require world edit password upon log in.
  2. Have a command to initiate world edit
    a) upon entry of command request account permissions
    b) if permissions include world edit
    c) request world edit password.
  3. ...

Would there be a time frame for world edit permissions before having to re-enter password?
If so, how long would permission be active?

How would password file encryption work (if any/if needed)?


That's all I can think of at the moment... feel free to throw some ideas out.

Idle time-out would limit the "my brother did that while I was in the bathroom" things.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

flamin_scotsman
Separate passwords for each op is trivial enough to implement!

I think on first WE command would be best implementation (possibly including give and other high level commands too?).

Time frame is again easy enough to do - 5 mins from last WE command is a safe enough bet I guess?

Why would we want encryption not that it is hard to do or anything, just if the server is compromised at the file system/shell level, then we're screwed no matter what -.-
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

butkicker12
There is already a plugin that does this.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

flamin_scotsman
butkicker12 wrote
There is already a plugin that does this.
A plugin which requires a password before using a flexible set of commands, or one which requires everyone to use a password to log in to pwegoserver and which would most likely ecause even more lag due to the size the associated datafile would become and annoy everyone to hell? (excluding AuthDB, I have great respect for those guys!)

NB. linking to the plugin would make scoping it out a bit easier :P
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

RockGeek
In reply to this post by Pitfallingpat
love the idea but it might be hard to impliment ingame if its entered in wrong it should also send a notifcation the the server controll panel about the failed password attempt but this would be easy to break if an op/admin chooses an easy password or is lazy and picks one thats the same as there minecraft account password (Case and point someone i know who likes something a bit too much) (he knows who he is but i have never seen him on the forums before)
Owner and sole creater of Atlantis
-Midorian achipelago- project leader/manager
my net derped
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

flamin_scotsman
This post was updated on .
RockGeek wrote
love the idea but it might be hard to impliment ingame
Nah, not really ^^

RockGeek wrote
if its entered in wrong it should also send a notifcation the the server controll panel about the failed password attempt
There's a server control panel? Should be feasible, but don't know how it gets messages from minecraft :P I guess it strips from the logger?

Rock Geek wrote
but this would be easy to break if an op/admin chooses an easy password or is lazy and picks one thats the same as there minecraft account password (Case and point someone i know who likes something a bit too much) (he knows who he is but i have never seen him on the forums before)
Isn't too hard to add some simple password rules - must be >= 8 chars, must have at least 1 symbol etc., and just hope they aren't stupid enough to re-use their minecraft password -.-
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

sycoinc
In reply to this post by Pitfallingpat
<like>
[VIP2]Sycoinc
Current Project: Forbidden City of Beijing
New Pwegoable Website Topic: Click Here
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

butkicker12
In reply to this post by flamin_scotsman
Zach would use MySQL. Anybosy with a decent sized brain would not use flatfile in a case like this.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

flamin_scotsman
This post was updated on .
Erm, why? the main use for databases is dealing with high volume ACID applications at a (usually) slower speed than flatfile. As we would probably have at most ?20? entries, why add a maginally slower plugin? -.-
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

ZachBora
Administrator
In reply to this post by butkicker12
meh... I'd just md5 the password and username and store it in a data file.
Don't need to waste MySQL calls for this. What I would do is give 3 tries then lock that user from trying again until we remove his name from a black list.

How I would do it is to intercept everything starting with // and the couple of single / from the command list that could be harmful. At first use, it prompts them to enter the password. Then, if they haven't used any commands for awhile (say 15min) it prompts them again. Also prompts at each login.


But if something already exists we'll just use that.
ZB, Admin, Software developper
{USERNAME) PMC SigCard
PLANEMINECRAFT SIGN Y U NO UPDATE?!?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Zach, make a new plugin - Ingame login

butkicker12
12
Loading...