Hide IP address from /whois unless the command is used from the console
Nevrai opened this issue · 3 comments
Feature request
Feature description
A config option that, when enabled, hides the IP address of a player from the /whoid
output unless the command is used from the console.
How the feature is useful
This would be useful for security purposes. Mods, admins, and anyone else with the permission to use /whois wouldn’t be able to see IP addresses, which is quite sensitive information. A server owner might not want their staff to be able to see players’ IP addresses. IP addresses also wouldn’t accidentally be leaked if a YouTuber or live streamer happens to use the command and doesn’t catch it (especially if they’re streaming since they can’t censor it then). It’d also protect IP addresses from force-OP attacks or permission exploits where regular players will be able to use any command, including /whois.
You should not give the essentials.whois.ip
permission then. Please check the full list of permissions here before making an issue.
@pop4959 While I didn’t know that this was a permission, my suggestion is not primarily concerning permissions in the first place. In the event that someone with all permissions would accidentally reveal an IP address to others after using /whois, such as during a live stream, or in the event where somebody somehow becomes an op (such as in the event of a force op exploit, which occasionally exist) or part of a group that has all permissions, it’d be useful if not vital to have the IP addresses be hidden.
I’m not saying that these are likely scenarios, but personally, I would feel more at ease if IP addresses of players are not visible in-game by any means. However, if this is such a niche that I’m the only one wanting such a config option, I suppose it shouldn’t be added. Though, I don’t think it would hurt adding it, as it could be disabled by default.
I got the idea of this after downloading LiteBans, which also has a command that can show the IP address of any player but also has a config option that hides the IP addresses unless the command is used via the console. This config option is enabled by default, too.
One thing I could do is simply edit messages_en.properties to hide the IP address that way, although in that case, it couldn’t be viewed when using /whois via the console. It’s not the biggest problem in the world, though, since as previously mentioned, LiteBans, too, can display IP addresses if need be.
Sounds good, just letting you know that you can turn it off via permissions. You should exercise caution about giving players all permissions, as that is not recommended. Carefully consider which permissions you give to YouTubers/Streamers as well. Also, if your server includes a force op you should probably re-evaluate how you are picking your plugins. I'm assuming you took that to be an extreme (albeit impractical) example. You have much bigger problems if your server is susceptible to force op.
messages.properties is yours to edit; if configuring that solves your issue you should use it.