RemoteBukkit

RemoteBukkit

62.7k Downloads

No bind option in configuration

bhodgins opened this issue ยท 8 comments

commented

There is no bind setting in the configuration file. This can lead to a threat to security to networks which require all administration access (such as SSH and Proxy authentication, etc) on a separate IP address, or limiting the remote console to 'localhost' in order to allow only local server communication (I.E. control from a CGI application or user on the server, not from a remote host). This is an absolutely easy peasy feature to implement and almost every service out there available supports it. Please do.

commented

Installed this version on CB 1.4.6-R0.3 (2586). It binds correctly to the address specified, and not to any others. It's been running without issue for about a day now.

commented

That's some good critical thinking skills you have there, I am sure many will benefit from this feature, not only myself. Thank you :)

commented

Thanks! :D No problem.

Feel free to try this out:

http://www.mediafire.com/?288dza1dgyccm63

That version is BETA but should have the bind feature you're after. If it's all good, I'll post it up to BukkitDev! :D

~Keeley

commented

@bhodgins Has the beta been working ok so far?

commented

Sure bhodgins!

What exactly would the bind option entail? I'd be happy to implement it.

~Keeley

P.S. I'm really sorry it's taken me so long to respond to this, but I'm going to be active now for the foreseeable future and hopefully this won't happen again.

commented

Actually I was sort of feeling bad because I was so overtired my request sounded demanding! Anyhow, If you did not know already, what bind does is simply "attach" a socket to a specified address. This means that if my server has two IPv4 addresses, say, 222.222.222.222 and 111.111.111.111, I can "bind" the socket to 111.111.111.111 and it will ONLY be available from 111.111.111.111, which is particularly useful- In this situation, since 127.0.0.1 is the localhost address, if I bind to 127.0.0.1, then only connections to the remotebukkit console will be possible from within that machine, nobody else from anywhere can connect to it without logging into that machine first (via SSH or rlogin, or telnet, etc). I'm not a Java programmer, but I am a C and Perl programmer- Now I'm not sure how you have your socket for the console set up, but I looked around for Java resolutions, and there is an example at: http://www.xinotes.org/notes/note/946/ which does so using the java.net class. After creating a new instance of ServerSocket, the bind function is called on that object, which takes two arguments, the hostname to bind to, and the port. Let me know if you have troubles, If I knew what you were using a socket library in your plugin then I could surely lend an idea. But it appears all you mind have to do is call socketobject.bind() with proper arguments If I am not mistaken.

This is more of a security feature more than anything, without having the need to configure the system firewall.

commented

Thanks a bunch for you response! I'm not a very experienced socket programmer myself so I apologies that I'm not familiar with such a simple concept as address binding. :)

I've just put plugin release 1.5.0 out and I'd be happy to chuck this in 1.5.1 (along with a bugfix I'm working on).

Thanks again,
Keeley :D

commented

Hi again!

I've got an implementation written, with the following behavior:

There is a forth entry in config.yml called "bind". You can either specify 0.0.0.0 for wildcard or a specific IP address. If an invalid address is specified, the plugin prints a warning to the console and defaults to wildcard mode.

Is that satisfactory? :D