OK, so I am looking for a coder for my server to code bukkit plugins. I am thinking about posting a thread in "Looking For" about it, but I am worried about just one thing. One of my players told me that one of his friend's server got destoryed because of a coder he got off of the forums. So I want to ask, how safe is it to get coders off of the forums?
I know a lot of people that put a hidden command in that ops them... so just watch out and ask for the source code when their done. and no I'm not talking about forceOP I'm talking a command that ops people put into custom plugins.
If you are scared of force op attempts then use a plugin like NoCheat+ which will only allow the /op command from the console. Look over applicants previous works and like webrosc mentioned, you might have better luck on the Bukkit forums
If you are scared of force op attempts then use a plugin like NoCheat+ which will only allow the /op command from the console. Look over applicants previous works and like webrosc mentioned, you might have better luck on the Bukkit forums
That wouldn't help. The plugin can easily bypass NoCheat and just add the name to the ops.txt file. May require a reload, but sooner or later they will get through.
My recommendation would be to suggest it, have them release it and see if anyone else pulls up a flag.
Rollback Post to RevisionRollBack
"Terminator like robots may one day rule the world, as long as they don't run Windows Vista"
That wouldn't help. The plugin can easily bypass NoCheat and just add the name to the ops.txt file. May require a reload, but sooner or later they will get through.
My recommendation would be to suggest it, have them release it and see if anyone else pulls up a flag.
Couldn't you just request the source for the plugin and then compile it yourself?
That wouldn't help. The plugin can easily bypass NoCheat and just add the name to the ops.txt file. May require a reload, but sooner or later they will get through.
My recommendation would be to suggest it, have them release it and see if anyone else pulls up a flag.
Did we...uh...clarify if he meant a coder or just someone to configure plugins.
It's not too difficult to look up someone's history. Try to get someone who has made other plugins, look up their name on the forums and google. Also, making the coder involved in as much of the development of your server is also helpful as it pretty much leads to "why destroy your own work". Also, if you constantly back up, something that goes wrong can always be fixed.
As mentioned previously as well, have someone look through the plugin with a bit of java experience (*cough* jd-gui *cough*) that can verify the plugin is okay to use.
If you are scared of force op attempts then use a plugin like NoCheat+ which will only allow the /op command from the console. Look over applicants previous works and like webrosc mentioned, you might have better luck on the Bukkit forums
This has kind of already been touched on, but that would make no difference. The simplest way to exploit a server through a plugin would be to Op a malicious user. There are methods in the Bukkit API to give and take Ops, and these methods are not impeded by whether the ops.txt file is writable.
If for some reason that ability was blocked, anything that an Op can do (and a lot more) can be done by directly calling the methods in the Bukkit API. Some examples are: Directly edit inventories; directly edit the map; ban or unban players; disconnect players, etc, etc, etc.
That being said, I do not think that Minecraft Forums is a good place to find programmers. If you do manage to find someone who is honest, chances are they will not be skillful. A much better place to look would be the Bukkit forums. If you look there, stick to people who have published a few plugins publicly. Expect to pay if what you're requesting is specific to your server.
Another excellent place to find programmers is the Esper IRC network. This is the same network that Minecraft Forums has their channel on. Follow the instructions on the "IRC" tab above, then ask around in some of these channels: #bukkit #bukkitdev #risucraft . Again, expect to pay.
IRC is probably the best place to find trustworthy developers. Most people who idle there are pretty involved in the community, and anyone idleing there in the first place is generally there to help people.
I have been a plugin developer with no plugins whatsoever.
However, I do believe that developers who are not responsible or abuse their ranks has a plugin that is malicious. I can scan through the code to verify if it is safe.
Rollback Post to RevisionRollBack
Does my post help/assist you in a positive way? Give me a like!Need help? Private message me! Click here to donate!
That wouldn't help. The plugin can easily bypass NoCheat and just add the name to the ops.txt file. May require a reload, but sooner or later they will get through.
My recommendation would be to suggest it, have them release it and see if anyone else pulls up a flag.
then set ops.txt to read only
Java has utilities to change the status of files; that is bypassable.
Ask me to make it if you want, I've released 6 plugins on Bukkit, all approved. I can also provide source code.
It's not too difficult to look up someone's history. Try to get someone who has made other plugins, look up their name on the forums and google. Also, making the coder involved in as much of the development of your server is also helpful as it pretty much leads to "why destroy your own work". Also, if you constantly back up, something that goes wrong can always be fixed.
As mentioned previously as well, have someone look through the plugin with a bit of java experience (*cough* jd-gui *cough*) that can verify the plugin is okay to use.
This has kind of already been touched on, but that would make no difference. The simplest way to exploit a server through a plugin would be to Op a malicious user. There are methods in the Bukkit API to give and take Ops, and these methods are not impeded by whether the ops.txt file is writable.
If for some reason that ability was blocked, anything that an Op can do (and a lot more) can be done by directly calling the methods in the Bukkit API. Some examples are: Directly edit inventories; directly edit the map; ban or unban players; disconnect players, etc, etc, etc.
That being said, I do not think that Minecraft Forums is a good place to find programmers. If you do manage to find someone who is honest, chances are they will not be skillful. A much better place to look would be the Bukkit forums. If you look there, stick to people who have published a few plugins publicly. Expect to pay if what you're requesting is specific to your server.
Another excellent place to find programmers is the Esper IRC network. This is the same network that Minecraft Forums has their channel on. Follow the instructions on the "IRC" tab above, then ask around in some of these channels: #bukkit #bukkitdev #risucraft . Again, expect to pay.
However, I do believe that developers who are not responsible or abuse their ranks has a plugin that is malicious. I can scan through the code to verify if it is safe.