Important security concern


BoyCutFactionsUUID

FactionsUUID has recently introduced a debugging system (https://github.com/drtshock/Factions/blob/1.6.x/src/main/java/com/massivecraft/factions/cmd/CmdDebug.java)! This is very dangerous, as the debug information contains important server information that can be used to identify a server, stored in plain text! This should be removed from Minehut ASAP, just as DiscordSRV's debug system was removed (https://github.com/Minehut/DiscordSRV/commit/8e34106efb83a8e70a0a82e0869bec780f3498bd#diff-0ad22d382c20fe65fee64bbce9d8d345). While it stores everything in encrypted form, everything from FactionsUUID's debug system is in plain text!


DiscordSRV's pulled information about the Minecraft server and Discord, and sent it straight to the developers. FactionsUUID's debug system creates a paste with all the relevant information and sends it back to whoever ran the command, who can choose to hand it off to the developers to help get support.


On 1/2/2020 at 9:41 PM, Trent said:

DiscordSRV's pulled information about the Minecraft server and Discord, and sent it straight to the developers.

Wrong. All of the debug information is encrypted; the developers have no way of accessing it without the decryption key that only the person who ran the command has. A far cry from "sent straight to developers".

While FactionsUUID's is in plain text, someone could feasibly use bots to look through every paste and harvest data, and the hoster of the paste site can most definitely harvest that data (if they don't already).

Really it's what you said except the other way around.

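The disagreement in this thread comes down to whether a debug report is encrypted before it reaches a paste site. As an added example (not DiscordSRV's or FactionsUUID's code, and not part of any post above), the Java 16+ program below encrypts a report on the server with a fresh AES-256-GCM key, so the paste holds only ciphertext and the key stays with whoever ran the command. The class name, the sample report and the `<paste-url>` placeholder are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical class: illustrates client-side encryption of a debug paste.
public class EncryptedDebugPaste {
    private static final int IV_LEN = 12, TAG_BITS = 128;

    /** uploadBody is what leaves the server; key is shown only to the command runner. */
    record Sealed(String uploadBody, String key) {}

    static Sealed seal(String report) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();            // fresh key for every report
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);            // unique nonce per encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(report.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[IV_LEN + ct.length];   // layout: IV || ciphertext+tag
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        return new Sealed(b64.encodeToString(out), b64.encodeToString(key.getEncoded()));
    }

    static String open(String uploadBody, String key) throws Exception {
        Base64.Decoder b64 = Base64.getUrlDecoder();
        byte[] in = b64.decode(uploadBody);
        SecretKeySpec k = new SecretKeySpec(b64.decode(key), "AES");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        // doFinal throws AEADBadTagException if the paste was altered or the key is wrong
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String report = "server-ip=203.0.113.7\nplugins=[Factions, Essentials]"; // constructed sample
        Sealed s = seal(report);
        System.out.println("paste body (all the host or a scraper sees): " + s.uploadBody());
        System.out.println("give to support only: <paste-url>#" + s.key());
        System.out.println("round trip ok: " + open(s.uploadBody(), s.key()).equals(report));
    }
}
```

Carrying the key in the URL fragment keeps it out of the request sent to the paste host, but anyone who is handed the full link can decrypt the report.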
