



MineBox-Inter Server Item Storage


29 replies to this topic

#21 amtra5

  • Members
  • 166 posts
  • Location: Melbourne, Australia

Posted 21 March 2013 - 06:52 PM

mailmanq, on 21 March 2013 - 05:29 PM, said:

How will it deal with items that don't exist, like if a server lacks a mod, the player would lose that item but not actually get it, eh, no program can be truly idiot-proof. Also a neat feature would be banned items, so if one server has lava buckets banned, you can't get them from another one.

PixelToast, on 20 March 2013 - 03:44 AM, said:

a password
you can also modify the http api to prevent anyone from accessing it

Modify the HTTP API, work around, don't install the HTTP API, also I was stupid and didn't think of a password for a server.
Hopefully it will store items by Block ID, and also hopefully you can add nicknames

#22 superaxander

  • Members
  • 609 posts
  • Location: Holland

Posted 21 March 2013 - 07:04 PM

immibis, on 21 March 2013 - 05:03 PM, said:

superaxander, on 20 March 2013 - 07:52 PM, said:

You could still go in creative, spawn some items and put them in.
Which is why they wouldn't give creative servers an API key, duh.
But an admin can still change themselves to creative and cheat on another server.

#23 Engineer

  • Members
  • 1,378 posts
  • Location: The Netherlands

Posted 22 March 2013 - 11:31 AM

If you really want it to be a secure thing, we (this thread) should make it into the Java. For example you can't simply track down if a player is in creative or not, or somehow you can track items down if it's not cheated in somehow. (with CC)
I have just little experience in Java and I'm not thinking about modding anytime soon, I first want to understand the language properly. I say this because I don't know if MC lets you even track the items.

All this is just concept but will contribute a whole new layer of security. To fit in the style, it should be an add-on to CC, a whole separate mod for this is in my opinion not needed.

Thanks for reading

#24 PixelToast

  • Signature Abuser
  • 2,265 posts
  • Location: 3232235883

Posted 22 March 2013 - 02:22 PM

  • protect host computer
  • do everything over HTTP
  • if needed, send a rednet message to the host indicating there is an update
  • make sure users' passwords are SHA-1 and salted
if you follow these you will not need to limit rednet / http in order to have a secure connection

#25 GravityScore

  • Members
  • 796 posts
  • Location: Land of Meh

Posted 22 March 2013 - 09:25 PM

PixelToast, on 22 March 2013 - 02:22 PM, said:

  • protect host computer
  • do everything over HTTP
  • if needed, send a rednet message to the host indicating there is an update
  • make sure users' passwords are SHA-1 and salted
if you follow these you will not need to limit rednet / http in order to have a secure connection

SHA-1 is not a secure encryption technology!!! You have no excuse to not encrypt things properly if you're using PHP! It's as simple as going:
$password = "thisisapassword";
$hashed_password = hash("sha512", $password);

SHA-1 has many found collisions, and is easy to crack using simple online crackers, especially if the password is insecure. Please, for the safety of your users, do some research into password encryption and salting, and choose something from the SHA-2 family, such as SHA-512 used above. I even have a pure Lua version of SHA-256 and SHA-244 available!

Then your password is turned into a 512-bit string of pure RANDOMNESS!

#26 theoriginalbit

    Semi-Professional ComputerCrafter

  • Moderators
  • 7,332 posts
  • Location: Australia

Posted 22 March 2013 - 09:42 PM

GravityScore, on 22 March 2013 - 09:25 PM, said:

Then your password is turned into a 512-character string of pure RANDOMNESS!
SHA-512 doesn't mean it's turned into a string that is 512 characters long. It means that it's 64 characters long... waahhh you might say? 512 bits / 8 bits to the byte = 64 bytes ... 1 ASCII character is 1 byte ergo 64 characters long...

#27 GravityScore

  • Members
  • 796 posts
  • Location: Land of Meh

Posted 23 March 2013 - 12:11 AM

TheOriginalBIT, on 22 March 2013 - 09:42 PM, said:

GravityScore, on 22 March 2013 - 09:25 PM, said:

Then your password is turned into a 512-character string of pure RANDOMNESS!
SHA-512 doesn't mean it's turned into a string that is 512 characters long. It means that it's 64 characters long... waahhh you might say? 512 bits / 8 bits to the byte = 64 bytes ... 1 ASCII character is 1 byte ergo 64 characters long...

Whoops, missed that! Thanks for pointing it out. I meant to say 512-bit string :P

Wasn't thinking :P

#28 PixelToast

  • Signature Abuser
  • 2,265 posts
  • Location: 3232235883

Posted 23 March 2013 - 08:38 AM

GravityScore, on 22 March 2013 - 09:25 PM, said:

SHA-1 is not a secure encryption technology!!! You have no excuse to not encrypt things properly if you're using PHP! It's as simple as going: [CODE]
are you kidding me?
do you really think anyone will compromise a silly minecraft mysql database?
and it will be salted -_- meaning you won't be able to use rainbow tables, you will have to do a brute force which takes ages, also can't just look it up like normal SHA1

all this takes WAAAY too much effort for something you can reverse easily

#29 GravityScore

  • Members
  • 796 posts
  • Location: Land of Meh

Posted 23 March 2013 - 12:53 PM

PixelToast, on 23 March 2013 - 08:38 AM, said:

GravityScore, on 22 March 2013 - 09:25 PM, said:

SHA-1 is not a secure encryption technology!!! You have no excuse to not encrypt things properly if you're using PHP! It's as simple as going: [CODE]
all this takes WAAAY too much effort for something you can reverse easily

Someone did compromise a Minecraft SQL database, remember the NDFJay incident? He may have been using MD5, but SHA-1 isn't that much better.

As for difficulty, you type 2 more letters in PHP.... It's the difference between hash("sha1", $password) and hash("sha512", $password).

And.... No. It is not easily reversible.
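
The salted password storage debated in posts #24 to #29, written out as an added example that is not part of any post in this thread: it checks a legacy salted SHA-1 record and, on a successful login, replaces it with PHP's built-in password_hash(), which generates its own salt and applies a deliberately slow algorithm. The record layout, the function names and the sha1(salt . password) construction are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example. Record layout and function names are hypothetical;
// the legacy scheme sha1(salt . password) is an assumed construction.

// Legacy record of the kind the thread proposes: per-user salt plus SHA-1.
function make_legacy_record(string $password): array {
    $salt = bin2hex(random_bytes(16));
    return ['algo' => 'sha1-salted', 'salt' => $salt,
            'hash' => sha1($salt . $password)];
}

// Current record: password_hash() picks the salt itself and stores the
// algorithm, cost and salt inside the returned string.
function make_record(string $password): array {
    return ['algo' => 'php',
            'hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Check a login attempt. Returns the record to store afterwards
// (upgraded where needed), or null when the password is wrong.
function verify_and_upgrade(array $record, string $password): ?array {
    if ($record['algo'] === 'sha1-salted') {
        $candidate = sha1($record['salt'] . $password);
        // hash_equals() compares in constant time.
        if (!hash_equals($record['hash'], $candidate)) {
            return null;
        }
        // Migrate now, while the plaintext is available.
        return make_record($password);
    }
    if (!password_verify($password, $record['hash'])) {
        return null;
    }
    // Re-hash when PHP's default algorithm or cost has changed.
    if (password_needs_rehash($record['hash'], PASSWORD_DEFAULT)) {
        return make_record($password);
    }
    return $record;
}

// Constructed sample data: one legacy user logging in.
$stored = make_legacy_record('thisisapassword');
var_dump(verify_and_upgrade($stored, 'wrong guess') === null);
$stored = verify_and_upgrade($stored, 'thisisapassword');
var_dump($stored['algo']);
var_dump(verify_and_upgrade($stored, 'thisisapassword') !== null);
```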

#30 amtra5

  • Members
  • 166 posts
  • Location: Melbourne, Australia

Posted 23 March 2013 - 10:25 PM

You guys think that the amount of code I posted is enough to get this thread moved to programs? If so how (this is one of my first threads on the forums).

Edit: Never mind




