Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Public server registration should be disabled by default #36

Open
ashpool37 opened this issue Jun 24, 2022 · 2 comments
Open

Public server registration should be disabled by default #36

ashpool37 opened this issue Jun 24, 2022 · 2 comments

Comments

@ashpool37
Copy link

The current default behaviour of this role is to configure the Murmur server to attempt to register itself with the public server registry, using the string password as the registration password. This is very insecure and could potentially lead to a lot of public server entries overtaken by spammers and other bad actors. Many people may not be willing to register their server publicly in the first place.

According to the documentation, setting the registerPassword value to be empty will disable the public server registration. I think this is what should be done by default.
@xshadow
Copy link
Contributor

xshadow commented Jun 27, 2022

Hey ashpool37, thanks for the feedback. The value of registerPassword should be changed by the administrator when using this role. It seems that this is not clear. Would you like to create a pull request for either updating the Readme.MD accordingly or one for disabling the registration by default.

@ashpool37
Copy link
Author

Yeah, I'll be following up with a few PRs concerning this and other issues with documentation, as well as security.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xshadow @ashpool37