Remove IP-based roles, give ranks to UUIDs directly

Please Note: The TotalFreedom Forum has now been put into a read-only mode. Total Freedom has now closed down and will not be returning in any way, shape or form. It has been a pleasure to lead this community and I wish you all the best for your futures.
  • I think right now we seem to be a mix of UUID and IP based in TFM, which is really really frustrating.

    TFM doesn't, as far as I'm aware, actually work well in offline mode anymore due to how much is tied to UUIDs already.

    Unless anyone can give me a major reason this shouldn't go ahead, I'm quite keen that we look to make this change.

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK

  • Quote:

    @lyicx#4030 vouch, fuck IP based verification

    IP-based verification is not only a quirk of TFM's inconsistent reliance on differing standards with respect to various commands, but also acts as an additional step in verifying that the recipient administrator is legitimate.

    Minecraft accounts in their current form have no method of two-factor authentication. Thusly, it is not difficult to break into accounts which are improperly secured. In addition to lacking the TOTP standard, Mojang Studios uses security questions to verify the legitimacy of account owners, which can be worse than having nothing at all.

    Microsoft account integration will hopefully change this, and render TFM's usage of IP addresses for verifying administrators useless (provided that everyone migrates, which I'm sure people won't go through with, probably for some dumb stubborn line of reasoning) but that hasn't happened yet.

    It's easy to forget why this feature is in place, and I was only reminded of its significance earlier this week.

  • @fssp#4034 TFM at no point implemented the feature in order to second-guess Mojang security; it was implemented because, for one thing, TFM was originally written before UUIDs existed, and at the time the server was running in offline mode rather than online mode.

    While I appreciate that Mojang's account security isn't perfect, it's also not our responsibility to second guess their security, and if you can't secure your Mojang account, then you're more fucked than someone imposing as you on here let's be fair...

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK

  • Vouch. I seriously think this is a major security flaw.

    Say for example Wild started using an OpenVPN server that was public.
    And then I, who play regularly here, use that same VPN server. I would appear with owner rank, and then the staff would perm-ban me for "hacking into the VPS" just because I used the same VPN as Wild???

  • @wild1145#4037 Considering this server has an elaborate history of its security being breached through the violation of game accounts, "second guessing" the game's security would be necessary to protect the server's basic interests of not being undermined by simple attacks.

    Account security should not rely on the end-user being educated in how to protect their account when it is inevitably breached as a consequence of popularity; rather, options such as two-factor authentication (even a basic, rather outdated primary method of validating an account through landline calling or text messaging) or one-time passcodes should've been afforded from the start.

    Mojang's account security is terrible. Even if TFM's IP-based verification in the context of administrator sign-ins was not implemented with the sole intention of acting as a safeguard, it should not be removed. Many administrators have detailed stories of their accounts being breached, and the integrity of their person having been ensured by IP-based verification.

  • @fssp#4080 To my knowledge most if not all of those "attacks" were when we were in offline mode, and not actually targeting an admin's account. As I say, if their account has been breached, odds are everything else we would use to verify them should be assumed to be compromised as well, because odds are you're using a shit password with shit security questions, and that same shit password is being used everywhere.

    IP Addressing is ultimately not a reliable way to actually verify admins or anyone is who they say they are, again that's just the nature of using that sort of technology, and given we don't own the account management side of things (Mojang do) we can't enforce additional security restrictions where we could on other platforms where we manage the end-to-end authentication flow.

    The TFM IP Verification ultimately is a legacy piece of functionality and isn't something needed on the server, if your MC account is compromised, it's already too late as far as I'm concerned because you'll have perms on non-TFM servers that don't IP Verify for one thing, and as I say, we would have to then assume for the most part that all your other online accounts have been compromised.

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK

  • I've created FS-78 to work with the dev team to scope out what this would look like, as there will be some things we'll need to significantly change like how telnet and HTTPD work as they're dependent on IP address verification at the moment. It's been raised as a larger package of work so once we know what it's going to look like to do this and the technical challenges and we've got tasks raised, I'll update people on a new thread.

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK