Verifying Minecraft server players data | Together Java | Page 1

fickle shaleBOT Mar 18, 2024, 7:58 PM

#

<@&987246399047479336> please have a look, thanks.

vague jay Mar 18, 2024, 8:19 PM

#

I think you need to be a little more specific about your concerns.

If a player joins your server on which your plugin is running and it is set to online mode, there you can assume that the uuid matches the session of the joining player and is not corrupted.

Another thing is with the username, as far as I know it is not 100% secure, for example, uppercase and lowercase letters can be changed on the client side.

But the uuid should be enough for you, you can send it to the mojang server to get the correct username.

#

I think you misunderstood me. That's not the case.

#

You are writing a plugin for a spigot based server right, or atleast you wrote "I want to code a plugin".

The uuid of the online player is definity not corrupted, when the server online mode is enabled

#

Do you have full control over those minecraft server, or is this a public plugin?
If not, you could whitelist the connections to your processing server and allow only your minecraft server connections, very simple with a firewall.

If that is the case, you have to think about a way, how you only allow trusted minecraft servers to send data. For example you could give them an token, which you check on each connection.

#

maybe you should switch to a rest api, that would be the standard way for your case.

What is the player data intended for?
(You also have to be a little careful when it comes to data protection, i am not sure, if you are allowed without the permission of those player to store the uuids.)

#

I don't think there is way to prevent abuses.

You could send a ping request to the minecraft server and check the handshake packet, minecraft server send there the player amount.
However, this can also be falsified, or if it is a server network, it may also be that you can't access sub-servers from outside without the associated proxy.

I'm still not sure what exactly the reason for the player count is, i.e. why it's important, maybe there is a another way.

(Even processing human-related data is not quit legal in some if not all countries, just be really careful, it's not exactly cheap)

vague jay Mar 18, 2024, 9:10 PM

#

mh you could get the login packet of each player and send it to you processing server. There you could do the same as each server and send it to mojang to verify it.

But i couldn't say you how this works. You have to take a look into the minecraft server source code, how the server verify a player login packet

#

https://wiki.vg/Protocol#Login

Protocol

#

https://wiki.vg/Protocol_Encryption

Protocol Encryption

ivory kindle Mar 18, 2024, 9:11 PM

#

code a plugin where I need to be able to the amount of players on a server as well as some information about them

#

this sentence isn't complete

#

can you elaborate a bit?

#

How do you think other connections can imitiate the actual server?

vague jay Mar 18, 2024, 9:12 PM

#

vague jay https://wiki.vg/Protocol_Encryption

You could repeate this process on your process server, there you get only valid player data
It is quit simple

#Verifying Minecraft server players data