Standalone auth plugin #1090
Replies: 1 comment 3 replies
-
Quote from the plugin page:
The cause for UUID spoofing is incorrect firewalling. If you are using Minecraft proxies (e.g. BungeeCord) the Spigot should never be accessible from outside or in other words only be reachable by the proxy software. This is a common recommendation mentioned on multiple places like the Spigot wiki itself, FastLogin doesn't change anything about this.
The auth plugin is required for offline mode servers like restricted networks (where access to Mojang is blocked) or as a method for second factor authentication. So it adds an additional password/pin/etc. method to your Minecraft account. In this case, FastLogin selectively weakens this protection to be based only on your Mojang onlinemode verification. FastLogin requires an additional auth plugin in order to tell it to skip the authentication step. FastLogin handles the onlinemode logic and then only forwards the information. Without an auth plugin there is no need for FastLogin too. |
Beta Was this translation helpful? Give feedback.
-
Hi I wanted to know if it is still developed on Spigot it seems to be abandoned, and I would like to understand if it is safe i.e. it blocks the classic method of grief via UUID Spoof i.e. an SP user enters with a UUID of a staffer either SP or Premium to be able to get those permissions and grief, then it also acts as Auth or is there a need for a separate plugin
Beta Was this translation helpful? Give feedback.
All reactions