I've decided to show off something I'm working on in a fork of the TotalFreedomMod. Probably not the best implementation but certainly functional. With this, gone are the days of everything fucking up when two accounts are online under the same IP. Gone are the days of getting the same tag as another person on the same IP. Gone are the days of name changes and IP changes completely fucking everything up.
Here's the branch on the fork: https://github.com/VideoGameSmash…ease-and-thanks
I like this and it's pretty epic. UUIDs make name changing a hassle-free affair and now are gone the days of having to worry about your sibling being admin'd because you share IPs. This should have been done ages ago when TF switched to indef-premium mode.
Still a badmin and bad dev always finding a reason to complain like vro can you just be happy for once and appreicate SOMETHING?
↩ videogamesm12 If there is one problem people should be complaining about, it's this one
Already did that lol
And I don't mind you complaining of bad code as long as you're able to fix it.
This doesn't affect Telnet right? Is authentication still managed by BukkitTelnet?
Wouldn’t this create issues if an admin’s account was breached? It is very rare for this to happen but there is still a chance
↩ You! all admins are asked to make sure our accounts are secure.
Other admins also have tools in order to deal with possible rogues like saconfig remove etc.
And as you said, the chances are very low of an account getting breached. They are even lower that the person who hacked the account knows they're staff on a Minecraft server.
↩ You! @"videogamesm12"#4 I think player verification can and should be done with a combination of UUID and IP.
If both UUID and IP stored match, all's good.
If UUID doesn't match, no rank for you as you're not the right player.
If IP doesn't match, the usual "impostor" thing is triggered and the player must verify themselves.
↩ videogamesm12 I know, for example some server I sometimes go in asks for a personal password after you join.
The trouble with Telnet and HTTPD is that they work on unencrypted connections so sending passwords and such in plain text on the internet is a big no-no.
That's mostly because of the legacy setup. We have a task to look at re-designing the entire way HTTPD works, part of that will cover moving so everything is TLS protected, and part of that will be working out the best way to do auth with it. I suspect in the long term we may be able to use WoltLab when we move to it as the identity provider, so as long as you're logged in with WoltLab you're logged in to the HTTPD server.
↩ @'Ryan' i know Camzie had done something similar at one point, in that your server rank n stuff was all tied to XenForo -- same thing with panel access and everything else. you had perms on the forum, you had the perms ingame, via any web services you were supposed to have access to, etc
edit: this is what i was talking about -- https://bitbucket.org/Camzie99/pylon-plugin/src/master/src/
