MinoMino / minqlx

Extends Quake Live's dedicated server with extra functionality and scripting.
GNU General Public License v3.0
112 stars 42 forks

Potential Security Risk #43

Open 00-rcb opened 8 years ago

00-rcb commented 8 years ago

By default, players with a permission level greater than zero may use "<minqlx command symbol>players" to obtain a list of currently connected IP addresses. I believe it is within the best interest of the QuakeLive community for server moderators/admins to NOT have the ability to obtain player IP addresses. The SteamID64 is a much better solution for player identity in my opinion. Correlating player IP addresses to SteamIDs is quite useful, and admins hosting QL servers should still have the ability to obtain player IP addresses when necessary, but, to reiterate, moderators should NOT have this feature available to them.

My recommendation would be to change the permission level for the "!players" command from one to five (perhaps four); this would greatly reduce possible attacks against player networks. This modification would take mere seconds.

https://github.com/MinoMino/minqlx-plugins/blob/master/essentials.py#L45

Current: self.add_command("players", self.cmd_players, 1)

Recommended: self.add_command("players", self.cmd_players, 5)
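An added example, not minqlx's own code or part of the issue: a hypothetical command registry with the same `add_command(name, handler, permission)` shape as the essentials.py call, run once at the current level 1 and once at the recommended level 5 against a constructed two-player roster, to show which callers can still read the IP list.

```python
from dataclasses import dataclass

ADMIN_LEVEL = 5  # level the issue recommends for "players"


@dataclass
class Player:
    name: str
    steam_id: int    # SteamID64, the identity the reporter prefers to expose
    ip: str          # constructed sample address
    permission: int  # 0 = player, 1 = moderator, 5 = server owner


class CommandRegistry:
    """Hypothetical stand-in for Plugin.add_command and its dispatcher."""

    def __init__(self):
        self._commands = {}

    def add_command(self, name, handler, permission=0):
        # Same argument order as the call in essentials.py: name, handler, level.
        self._commands[name] = (handler, permission)

    def dispatch(self, name, caller, players):
        handler, required = self._commands[name]
        if caller.permission < required:
            return None  # caller lacks the level; command is refused
        return handler(caller, players)


def cmd_players(caller, players):
    """Mirrors what the issue describes: name, SteamID64 and IP per player."""
    return [f"{p.name} {p.steam_id} {p.ip}" for p in players]


# Constructed sample roster: a moderator (level 1) and a server owner (level 5).
PLAYERS = [
    Player("mod", 76561198000000001, "203.0.113.10", 1),
    Player("owner", 76561198000000002, "203.0.113.11", ADMIN_LEVEL),
]


def run(required_level):
    """Registers 'players' at required_level; returns {caller: lines or None}."""
    reg = CommandRegistry()
    reg.add_command("players", cmd_players, required_level)
    return {p.name: reg.dispatch("players", p, PLAYERS) for p in PLAYERS}
```

`run(1)` reproduces the current state (the moderator receives every IP); `run(5)` refuses the moderator while the owner still gets the full list.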