Hello. One of these days I wanted to write a plug-in for authorization. There was a question, how I can hide the password by hashing, and then receive from MySQL? I did not find where, I hope, you will tell me.
@ewrs And why do you need an authorization plugin? And you can't truly hide it, if a plugin is intercepting packets then it can catch the password.
I asked you to talk a little about how other plugins, like AuthMe in MySQL, hashes passwords. I found one plugin, it hides the passwords with the help of SHA-256. Type $ SHA $ 09b677e686b48285 $ ccf71d885d9f28f3f15782a820cd ... (This is a test name, you should not guess) http://i.piccy.info/i9/e9a50a1f31dce782e0471205b5c832a1/1537449884/15107/1265090/mi785.jpg
@ewrs That is the server side. That is not problem if you find the right method (don't use md5 though) I am talking about the part where the client types the password and sends it to the server where other plugins can intercept it. And please also answer this question.
I have a mountain of my ideas, but I really do not want to work with someone else's code. Check this: http://i.piccy.info/i9/e9a50a1f31dce782e0471205b5c832a1/1537449884/15107/1265090/mi785.jpg
@ewrs I know what hashing is. But I also know that we can intercept packets. Packets which contain the unhashed password received from the client. That is the part I am talking about. And please also answer this question. (attempt 3 already)
Are you hinting that if the password is incorrect the error will occur? I have a mountain of my ideas, but I really do not want to work with someone else's code. (attempt 2 already )
@ewrs I am hinting that I can intercept the password before your plugin gets it. And why an auth plugin? Why do you need one?
Explain why you need an authentication plugin. If it is just for practice then it is fine, if it is for actual security then it is flawed.
Then everything is fine. https://stackoverflow.com/questions/5531455/how-to-hash-some-string-with-sha256-in-java
@ewrs But why do you want to use it then? As it is unsafe to use. (and useless due to minecrafts own authentication)