
Hackable?

Comments in 'Plugin Development' started by Tethered_, Nov 29, 2014.

  1. Tethered_
    Offline

    Tethered_ Active Member Plugin Developer

    Joined:
    Jun 24, 2014
    Posts:
    178
    Plugins:
    2
    Minecraft User:
    Frostbyte58
    If I made a plugin which stored the players name and password in a db file to provide secure accounts, would players be able to hack into the file or get around the method?
  2. ServerKart_Rod
    Offline

    ServerKart_Rod Active Member Plugin Developer

    Joined:
    Jul 7, 2014
    Posts:
    110
    Plugins:
    1
    Minecraft User:
    Advocaite
    If you store passwords as plain text, then if the server gets hacked or compromised, then yes, it's a possibility.

    You should do something like this:
    Code:
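    $salt_left = "some secret test";  // maybe even get it from config on server so person can salt it themselves
    $salt_right = "some secret test"; // maybe even get it from config on server so person can salt it themselves
    $hash = md5($salt_left . $password . $salt_right); // store this in the db

    // to check if password is same just do
    function check_password($password, $db_password, $salt_left, $salt_right) {
        // strict === so two different hex strings are never compared as numbers
        if (md5($salt_left . $password . $salt_right) === $db_password) {
            return true;
        } else {
            return false;
        }
    }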
    
    Salting a password and encrypting it is standard for most things these days. Without salt you can still crack passwords by comparing them with known md5 hashes.
  3. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,707
    Plugins:
    22
    Minecraft User:
    Falkirknh
  4. PixelGuy75
    Offline

    PixelGuy75 Notable Member Plugin Developer

    Joined:
    Feb 9, 2014
    Posts:
    316
    Plugins:
    2
    Minecraft User:
    PixelGuy75
    Can players get into the oped players file because I think that happened to me before.
  5. ServerKart_Rod
    Offline

    ServerKart_Rod Active Member Plugin Developer

    Joined:
    Jul 7, 2014
    Posts:
    110
    Plugins:
    1
    Minecraft User:
    Advocaite
    Well, crypt, md5, sha256, each to their own, they all still work fine. It's really personal choice, and if you can't use crypt functions due to shared hosting or other issues then you're out of luck; that is why salted md5 is still the standard for hashing passwords.

    Again, it is personal preference.

    http://php.net/manual/en/function.password-hash.php

    is better than crypt()
    PEMapModder likes this.
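
The salted md5 scheme from the earlier post next to the password_hash() function linked above, as an added example that is not part of any post in this thread. It also shows one way to accept old md5 rows and re-hash them at login; the function names, the array standing in for the db file, and the sample salts, players and passwords are assumptions constructed for illustration.

```php
<?php
// Added example. The array stands in for the plugin's db file; names, salts and
// passwords are constructed for illustration.

// Scheme from the earlier post: md5 with one site-wide salt on each side.
function legacy_md5(string $password, string $left, string $right): string {
    return md5($left . $password . $right);
}

// password_hash() draws a fresh random salt per call and stores it, with the
// algorithm and cost, inside the returned string.
function register_player(array &$db, string $name, string $password): void {
    $db[strtolower($name)] = password_hash($password, PASSWORD_DEFAULT);
}

// Accepts both formats; a legacy md5 row is re-hashed on the first good login.
function login_player(array &$db, string $name, string $password,
                      string $left, string $right): bool {
    $key = strtolower($name);
    if (!isset($db[$key])) {
        return false;
    }
    $stored = $db[$key];
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, legacy_md5($password, $left, $right)) // constant-time
        : password_verify($password, $stored);
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $db[$key] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

$db = [];
[$left, $right] = ['constructed-left-salt', 'constructed-right-salt'];

// Two players who picked the same password, under each scheme.
$db['steve'] = legacy_md5('correct horse', $left, $right);
$db['alex']  = legacy_md5('correct horse', $left, $right);
register_player($db, 'Builder1', 'correct horse');
register_player($db, 'Builder2', 'correct horse');
printf("legacy rows identical:        %s\n", var_export($db['steve'] === $db['alex'], true));
printf("password_hash rows identical: %s\n", var_export($db['builder1'] === $db['builder2'], true));

// A successful login replaces steve's 32-character md5 row with a password_hash() string.
printf("steve login ok:         %s\n", var_export(login_player($db, 'steve', 'correct horse', $left, $right), true));
printf("steve row is still md5: %s\n", var_export(strlen($db['steve']) === 32, true));
printf("wrong password ok:      %s\n", var_export(login_player($db, 'steve', 'wrong', $left, $right), true));
```
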
  6. Tethered_
    Offline

    Tethered_ Active Member Plugin Developer

    Joined:
    Jun 24, 2014
    Posts:
    178
    Plugins:
    2
    Minecraft User:
    Frostbyte58
    What would be the best way to prevent the server getting hacked then?
  7. ServerKart_Rod
    Offline

    ServerKart_Rod Active Member Plugin Developer

    Joined:
    Jul 7, 2014
    Posts:
    110
    Plugins:
    1
    Minecraft User:
    Advocaite
    Don't use root user, complex passwords, sanitise all user input, etc. etc.
  8. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,707
    Plugins:
    22
    Minecraft User:
    Falkirknh
    PEMapModder likes this.
  9. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,196
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    I'd rather make my own algorithm then
  10. LDX
    Offline

    LDX Notable Member Plugin Developer

    Joined:
    Oct 2, 2013
    Posts:
    1,429
    Plugins:
    14
    I use whirlpool and gost for hashing my passwords.
  11. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,196
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    :D what is bin2hex()?
  12. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,707
    Plugins:
    22
    Minecraft User:
    Falkirknh
    It converts base-2 to base-16?
    Last edited: Nov 30, 2014
    LDX likes this.
  13. LDX
    Offline

    LDX Notable Member Plugin Developer

    Joined:
    Oct 2, 2013
    Posts:
    1,429
    Plugins:
    14
    Um... A function that converts raw binary data to raw hexadecimal data... What does that have to do with anything?
    iJoshuaHD likes this.
  14. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,196
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    idk, well I'm just curious since simpleauth uses this.
    Tethered_ likes this.
  15. PEMapModder
    Offline

    PEMapModder Notable Member Plugin Developer

    Joined:
    Oct 9, 2013
    Posts:
    7,306
    Plugins:
    11
    Minecraft User:
    PEMapModder
    It converts a binary string to a human-readable string. For example, "\x00" to "00".

    @Tethered_ theoretically, nobody can read the files inside your machine unless you let them. But still, saving passwords in plaintext will make the server owner see everything, which we all hate.
    iJoshuaHD likes this.
  16. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,196
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    no privacy :(
  17. Tethered_
    Offline

    Tethered_ Active Member Plugin Developer

    Joined:
    Jun 24, 2014
    Posts:
    178
    Plugins:
    2
    Minecraft User:
    Frostbyte58
    That makes sense. Better security for everyone I guess.
  18. ServerKart_Rod
    Offline

    ServerKart_Rod Active Member Plugin Developer

    Joined:
    Jul 7, 2014
    Posts:
    110
    Plugins:
    1
    Minecraft User:
    Advocaite
    You could always use AES 256 encryption to do passwords.

    To be honest, any password is crackable.

    Keep in mind, even though md5 is the old way of doing it, md5 ALONE is not recommended. This is why people salted them, as you would need to know the salt; depending on how complex your salt was, it would make it hard to easy to crack it. Again, I personally don't use it just for passwords, I use it to hash my keys that are used in encrypting my passwords. I doubt anyone without a super computer would be able to crack any of it.
    iJoshuaHD likes this.
  19. Falk
    Offline

    Falk Staff Member Global Moderator

    Joined:
    Sep 2, 2013
    Posts:
    1,707
    Plugins:
    22
    Minecraft User:
    Falkirknh
    You are jinxing it :p
    LDX likes this.
  20. ServerKart_Rod
    Offline

    ServerKart_Rod Active Member Plugin Developer

    Joined:
    Jul 7, 2014
    Posts:
    110
    Plugins:
    1
    Minecraft User:
    Advocaite
    It's ok, I'm not superstitious :p
