Is using UniqueId for authentication safe?

Comments in 'Plugin Development' started by wolfdale, Aug 19, 2015.

  1. wolfdale
    Is it possible for UniqueId to be spoofed or changed?
  2. PEMapModder
    Yes.
    There will be a "secret ID" in 0.12 that cannot be spoofed. But there is no method that can never be changed.
  3. wolfdale
    Oh OK, how safe do you think using UniqueId for authentication is, as compared to IP address? Because I am considering whether or not to use UniqueId instead of IP address for authentication.
  4. basprohop
    Well, MCPE is meant to be portable, and sometimes when I'm outside I like to check how things are going by connecting through a public Wi-Fi network. Now if you have IP-based authentication I wouldn't be able to log in :O
  5. PEMapModder
    Secret ID is unique per server, so it is safe.
    wolfdale likes this.
  6. aliuly
    What I read is that the unique ID includes the IP. So if you are comparing unique ID vs IP, then unique ID is safer.

    For authentication I would consider unique ID reasonably safe. For banning purposes it falls a bit short.
    CrazedMiner likes this.
  7. Legoboy0215
    Secret ID? You would always be able to edit it.
  8. aliuly
    Yes. That's why for auth it is okay-ish. For banning it falls short.
  9. PEMapModder
    Yes, but secret ID is a hash dependent on the server's IP and the device ID. In that case, nobody knows what the secret ID is on another server unless they know the device ID.
    CrazedMiner likes this.
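
The per-server property described in the last post, as an added example that is not code from the thread, PocketMine or Mojang. The HMAC-SHA256 derivation, the function names and every device ID and address below are constructed assumptions, since the thread does not give the real construction.

```php
<?php
// Added illustration; NOT the actual MCPE/PocketMine algorithm (the thread does not give it).
// Assumption: the per-server ID is HMAC-SHA256 over the server's IP, keyed by the device ID.

function deriveServerScopedId(string $deviceId, string $serverIp): string
{
    return hash_hmac('sha256', $serverIp, $deviceId);
}

// Server-side check: compare the presented ID with the one stored at
// registration, in constant time.
function verifyPresentedId(string $storedId, string $presentedId): bool
{
    return hash_equals($storedId, $presentedId);
}

// Constructed sample values (documentation address ranges, made-up device IDs).
$deviceId = 'constructed-device-id-0001';
$serverA  = '198.51.100.10';
$serverB  = '203.0.113.20';

$storedOnA = deriveServerScopedId($deviceId, $serverA);
$storedOnB = deriveServerScopedId($deviceId, $serverB);

// Same device reconnecting to the same server: the ID is stable,
// so the server can match it against the stored value.
var_dump(verifyPresentedId($storedOnA, deriveServerScopedId($deviceId, $serverA)));

// The value server A holds does not match what server B stored for the
// same device, so one server's copy says nothing about another's.
var_dump(verifyPresentedId($storedOnB, $storedOnA));

// The limit raised in the thread: a client that changes its device ID
// presents a fresh value, which is why the ID is weak for bans.
$afterReset = deriveServerScopedId('constructed-device-id-0002', $serverA);
var_dump(verifyPresentedId($storedOnA, $afterReset));
```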
