Inactive [ADMN/SEC] Server Security v0.1 - Keep Your Players Safe With a Secondary Password! [CB1.3.2-R.1]

Server Security​

A simple authentication system for any server! This is a good secondary system to help protect your players and their accounts. No offline mode servers can use this plugin due to bukkit's regulations on piracy.

Commands:

/ss set <password>

This sets the password. First time users set it then log in, Others Who have a password must log in before setting the password.

/ss login<password>

This allows players to log in with the correct password.

Features:

- Secure your account
- Players not logged in can not chat
- Players not logged in can not break/place blocks
- Players not logged in can not open inventories
- Players not logged in can not drop/pickup items
- No MYSQL or any other database
- Passwords Encrypted for your safety
- NO OFFLINE-MODE SERVERS

Up-Coming Features:
- Admins can reset passwords if player accepts the reset
- Configurable what players can/can't do.
- Log out command
- ???

Downloads:

Server Security v0.1

Changelog:

v0.2
- Added ONLINE-MODE Check

v0.1:
- Release
- Secure your account
- Players not logged in can not chat
- Players not logged in can not break/place blocks
- Players not logged in can not open inventories
- Players not logged in can not drop/pickup items
- Passwords encrypted for your safety

 

Add a space after "Password!" in your title.

 

Sounds good for large servers, sounds bad for people with bad connection.

 

Are the passwords salted? Why do you use MD5 when it is deemed not cryptographicly safe?

 

I use MD5 because that is more than enough for minecraft security, only the up-most trusted people should have access to the servers core files, including the plugins folders.

The passwords are not salted, yet at least... if the safety of the passwords is a great concern i can add that to the plugin.
Thanks for replying!

May i ask why it's bad for players with bad connections?

Thanks!

Edit:
Fixed spelling mistakes

 

Why do you hash them at all if that is your approach?

 

I hash them for the comfort of the players knowing their password is safe. I also hash them knowing not all the people of the world know how to decrypt MD5. If it does become an issue i can easily add other options such as SHA-1 and salting.

Thanks for your concerns!

 

They will be disconnected a lot (if super unlucky) and have to enter a command on login. (But other than that seems good for security, don't want any importers)

 

I made some similar to this some time ago. Feel free to check it out. https://github.com/Wundark/PlayerProtect/

 

Suggestion: If the player is offline for less than 5 min (configurable) they won't have to re-enter their password on login. After that time, they would have to enter their password again.

 

Why don't you use Sqlite ? Using a basic text file is going to be veryy slow..