search

monk-afk / SquareOne

Things relating to SquareOne
monk.moe:30023
MIT License
0 stars 0 forks source link

money - Safety deposit box #4

Closed monk-afk closed 3 months ago

monk-afk commented 6 months ago

Mod(s) Affected

  • SquareOne money

Description of planned update Safety deposit box is an inventory storage item, like a chest, which is password protected rather than assigned to the players. The intention is to have an area in the server bank to store the safe and they will not become 'abandonned' after a year, like protectors. Password protection is to allow cross-account access, without having a list of 'allowed' names.

  • password security functions
  • [x] After place node, open formspec to assign the chest a player which will be used to set up their password on the safe
  • [x] Disallow click actions if there is no 'owner' set up
  • [x] After the password is set, the owner meta is not used for access functions
  • [x] on right click, open password formspec and only show inventory on successful authorization
  • [ ] If after X amount of failed auth attempts, timelock the safe for like an hour or something.
  • [x] Textures for node
  • [x] Recovery codes

Testing Q/A

  • Live environment test
  • [ ] Yes
  • Any unforseen bugs?
  • [ ] No

Deployment Status

  • [x] Not Ready, stalled
  • [x] Not Ready, under development
  • [ ] Ready, not uploaded
  • [ ] Ready and uploaded, pending server reboot
  • [ ] Is live on server

After Deployment

  • Any new bugs being reported?
  • [ ] No, Close ticket

___
> **Add Screenshots if needed.**
___
monk-afk commented 4 months ago

Password protection of nodes poses a security risk: in the case where a player uses a password they use elsewhere, due to the unencrypted network traffic between the client and server.

Need to either wait for CSSM implementation, or figure out a solution for the interim.