SecretWord
About
This description has been soo inconsistent throughout Bukkit, BukkitDev, and my GitHub. I'll be fixing this soon.
SecretWord protects moderators, administrators, and your users from session stealers, and any other MITM attacks in Minecraft by requiring users to type a "secret word" upon logging into the server the first time the plugin is installed. It will ask for that secret word if you login from a different IP address. This completely defeats the purpose of any minecraft exploit as long as your secret word is not shared.
All secret words are hashed, salted, and stored in plugins/SecretWord/players folder. This means server administrators will never know your secret word!
History
Not much, just had idea, and boom, here you are!
Video
Commands & Permissions
Surprisingly, I don't think there was going to be a lot of commands and stuff, but I don't believe that is necessary!
Commands
/sw reload - Simply reload configuration
/sw reset [playername] - Reset a player's secret word.
If you have an idea for a command, suggest it! I couldn't think of anything else to add.
Permissions
secretword.login - If enabled in configuration, people with this permission node will be required to enter/abide by SecretWord.
secretword.halfhour - After half an hour after the last login, the player with this node will be required to re-login. This should not be necessary unless you have a cruel sibling.
secretword.showjoin - Vanished Administrators! If you wish to not broadcast join messages when you join on vanish (VanishNoPacket), add this node! Believe me, it sounds misleading but here's why: If this permission node is granted, it will not handle the join message at all. If this permission node wasn't given, it will broadcast "xxx has joined the game" after you login to SecretWord.
secretword.admin.* - Gives the following 2 permission nodes.
secretword.admin.reload - Gives access to /sw reload for configuration.
secretword.admin.reset - Gives access to /sw reset to reset people's secret word logins.
Configuration
Installation
Installation is simple & easy! Given that you've added the permission nodes above that you may think is necessary, go ahead! Drag and drop the JAR into the server and restart!
Now your server is protected.
League of Developing Le-
Enough puns, here's some extra resources:
http://ci.gravitydevelopment.net/job/SecretWord/
Thanks Gravity for the CI!
BETA, BETA, BETA!
This plugin is back in BETA after a long hiatus. Just simply report bugs here if you wish to fix something that is broken.
Maybe add a delay on the security message so that all the other MOTD are posted first and then it asks you to set your password, or another alternative way is that make it instead of typing in the chat you have to do a command to set your password. /register [password] and if you try to type something else. A message will say, please register a password /register [password] Also, my system OS is ubuntu and those funky double ss's for the color coding isn't working, do you mind changing the coding to the standard '&' color coding? Thanks!
@SuperSpyTX
Yes, please update this plugin!
Due to recent events and word of a new exploit, I am officially reviving this plugin.
I would suggest adding a command for players to change their entry password.
SuperSpyTX!!!! Are you still there?
what is the plug-in name of that minimap?
When my users register and login their secretword shows up in chat? Any help?
Man! Amazing plugin! But it need a looot of things! Custom lang message and more message spam could be cool.
@zachbora
The "safe-ip" idea would be pointless for the user to set for himself, because if someone else gets the same IP as the same user, that user could easily compromise his account. As far as I'm concerned, it would also be an issue too. If the user has to "relogin" at his home PC, it could show a sign that his secret word was compromised.
As far as the dynmap issue goes, I have changed priorities for the chat event. If it doesn't work, then dynmap will have to change its priorities.
@Xarc34
I (should have) fixed this one as well in the GitHub.
Another error ... when someone with blank name try to login.
@SuperSpyTX if you can fix the dynmap showing of the password and if you could put a "safe ip" command, I'll use this.
The safe ip command would allow a user to mark his ip safe, not requiring a password at next login.
there is still a minor/major problem with Dynmap ... it show the word in the web interface :) but not when you are vanished on login with VanishNoPacket
@SuperSpyTX
About that Tab thing, it seems that on my server I need to type it like it's showing in the tab list.
Example : If in tab his name is in pink with a white start in front, I have to type *cName
Regarding your plugin, I'll verify with my other staff and we might replace our current mediocre authentication plugin with yours. The one we're using is something I built quickly and it shows passwords in the server log. With yours I won't have that problem.
@Xarc34
I was made aware of this issue a while back.
I've removed this feature for now,
You can grab it here.
Hi ... I have a problem ... I try to use this plugin to double the security of an offline server which authentication is made with xAuth. I have tested only on OP's
It work fine, but when it comes to enter first time the word or reset it empties the inventory after login ... less the armor.
It have no errors.
I'm not worry about admin/op loosing their items because they use few and can get very quick.I'm afraid to release for particular players.
Can be fixed ?
Thank you.
@Xarc34
In the command? Sure!
I'll put this in my TODO list.
Also, if they're ingame, just type portion of their name (EX: "Super") then hit the TAB key and it should fully pop into the chatbox for you (EX: "Super" <TAB> "SuperSpyTX").
Just discovered this plugin and I think it is another good one among other you have made, but I have a question ... could you make player names case-insensitive ?
Thank you.
@TISSIN
I want to watch that SNL episode.
(Yes, I looked it up. Nice reference lol)
Mindy, you said the secret word.
(off topic)