Make Permban HTTPD Module Admin Only #2173
Comments
|
There was a suggestion made quite a while ago to block it, apparently because the other ban module showed the ips and we wanted the permbans blocked as well |
|
@Telesphoreo IP's are not private information so were there any other reasons to block it to just admins? |
|
I believe it was to keep it consistent, but it could be fixed the other way around by unblocking the ban module but I personally don't think it's a good idea for any op to just see all banned players and the reason (same with permbans) |
|
I agree that we probably want it to be consistent, or at least justified why it's not consistent. Personally I don't see a massive issue with it being public or private, given the main reason for HTTPD was for things like the website to hook into it originally, and not end users. I'll have a think and see what makes more logical sense. |
|
Well I mean I don't think it's a good idea because then an op could look at the banlist and see op did x and then they could blackmail them into doing something else and then they could check the permbans to see if they got the victim permbanned |
|
I'm not sure we should be making architectural decisions based on the odd chance someone decides they wanna have a stab at blackmailing someone... That ultimately is something I'd be seeing as a very low risk scenario in general, much less the odds of someone doing it right. Plus to blackmail you need something to hold over someone, and a ban on a Minecraft server isn't really that... |
I believe the current perm ban list HTTPD module is open to the public, but we need to probably consider locking it down to just admins. That is how TF Patches have handled it but I'm not sure what the rational behind this decision was.
I hope that @ZeroEpoch1969 @Telesphoreo or @robingall2910 might be able to give some guidance as to why this decision was made before we accept the request / reject the request.
The text was updated successfully, but these errors were encountered: