I’m not very familiar with exactly what happened to Mineplex, and have only read a little bit, but from what I’ve gathered a developer’s private key was somehow obtained and so they got access to the GitHub repo along with access to the servers themselves (SSH?)?
Is that correct?
If so, that does still sound quite extraordinary to me. If someone was able to steal my private key (which requires both the key’s password and access to my PC), then I would be partly to blame myself for allowing someone to access my PC. There is no way I would expect any services I use the key for to then make it incredibly inconvenient to use those services.
GitHub itself is a nice example actually: after the Rails exploit in 2012 they did the following:
- Adding a new SSH key will now prompt for your password
- We will now email you any time a new SSH key is added to your account
- You now have access to a log of account changes in your Account Settings page
Note the 2nd & 3rd lines. Any security-related change now immediately sends you an email. They didn’t instead make authentication incredibly inconvenient. They do offer 2FA, which to me is even better if I’m physically holding the only device that can authenticate the second part.
We’re only talking about a token, key, whatever being stored alongside the MC server. Attempting to make it so stupid-proof that users must enter their credentials every time their server starts will only greatly annoy people who can’t do that e.g. GSP customers that don’t have that kind of console access, scripted restarts, and so on.
Mentioned a bit above, but I did consider this as well, but admittedly did not really consider it much more than thinking it over as it’s asking a lot from certain users. IMO no plugin should ever expect to be able to use System.in because (as mentioned above) not everyone that would benefit from this would even be able to access System.in. Should we blame GSPs for not providing that, and also blame server admins who want to automate things? Personally, I think not.
(btw, would you attempt to prevent access or modifications to System.in too so that a rogue plugin can’t lift it from there?)
Sorry, that was a bad quote on my part, and now that I re-read it I was more pulling at straws for that sentence (by verification, I meant there would still be some DB IO, but of course it would likely not be as much depending on what the alternative is.)
Indeed! If I had to choose between a website that showed me a verified green lock symbol versus one that claims that they use secure authentication on top of regular HTTP, I would choose the verified green lock symbol.
As long as it’s not the only thing being used, then I can agree on it being semi-decent, considering multiple servers on the same machine could resolve to the same HWID.
I agree, I’m certainly not helping by dragging out the above discussion, so I’ll stop it here as my opinion should be fairly clear by now.