Closed Daenges closed 2 years ago
I don't think you'll be ever 100% sure player names are not spoofed. See #1142
I don't think you'll be ever 100% sure player names are not spoofed. See #1142
Well, this is the reason I referred to it. The question is:
As I said, if you have any argument on why to add it let me know. This "Question" is more or less an information, on why this feature might not get implemented by me.
Woops, replied too fast. Well, the UUID support in chat messages is 1.16+ only and is still at the discretion of server admins, so a server can send spoofed UUIDs to access the desired mailbox. As a result, there is not much added security.
Prerequisites
Console Client Version
Latest
Description of the Question
I was considering to add UUID support for the mail script, to avoid exploitation through nick plugins ( #1142 ). Well, jokes on me, I found out about a very popular nick plugin, which is based on this API. The API advertises, that it can change Playername, Playerskin and UUID independend from each other. Well, this breaks the whole system, since the client has no way anymore to identify a player properly. Therefore I do not see any benefits of adding UUID support, since it will not fix any problem.
The only part where the bot might profit from this is that users would also receive messages after a name change. But I do not think that this edge case is worth adding this feature especially if you consider that this could break compatability with offline servers.
Do you have any good justification for the implementation? Because mine got blown away.
Solutions you've already considered
No response
Attach screenshot here (If applicable)
No response
Anythings that could help us answering the question
No response
Minecraft Version
No response
Device
No response
Operating System
No response
Server Address (If applicable)
No response