Auth

@ewrs And why do you need an authorization plugin?
And you can't truly hide it, if a plugin is intercepting packets then it can catch the password.

 

Because then the client has to send it hashed, and you can't tell it to do that with plugins.

 

@ewrs That is the server side.
That is not problem if you find the right method (don't use md5 though)

I am talking about the part where the client types the password and sends it to the server where other plugins can intercept it.

And please also answer this question.

 

@ewrs I know what hashing is.
But I also know that we can intercept packets. Packets which contain the unhashed password received from the client. That is the part I am talking about.

And please also answer this question. (attempt 3 already)

 

@ewrs I am hinting that I can intercept the password before your plugin gets it.
And why an auth plugin? Why do you need one?

 

It is a security issue, I can see the passwords if I want before they are hashed.

 

Explain why you need an authentication plugin.
If it is just for practice then it is fine, if it is for actual security then it is flawed.

 

Then everything is fine.
https://stackoverflow.com/questions/5531455/how-to-hash-some-string-with-sha256-in-java

 

But why do you need to use an authentication plugin then?

 

@ewrs But why do you want to use it then? As it is unsafe to use. (and useless due to minecrafts own authentication)

 

Locked
Offline mode is not supported by Bukkit