25w35a introduced the Server Management json-rpc/ws Protocol.
In my opinion, Mojang should not release Server Management without a default-on access control mechanism, regardless of the default-off server setting.
Many server admins are IT novices. The Minecraft game supports a whitelist which trained server admins that opening a port is safe enough. Admins will undoubtedly open the Management port to the internet to integrate with a benign bot unaware that admin features are now exposed to the internet, made worse as Mojang releases more admin features.
Minecraft servers are trivially scannable, lists of private server IPs are readily available. With this, an individual could deface (MOTD) or shut down thousands of servers in minutes, and would not be tied to a Microsoft account.
I suggest an access control mechanism such as a file of RBAC statements.
In server.properties, add management-server-access-file.
management-server-access-file lists RBAC statements tied to a secret token and effect:
{
"access": [
{
"token": "<secret>",
"methods": [
"minecraft:players", .. etc
],
"effect": "allow | deny"
}
]
}
The client must provide a token as an Authorization header. If the server admin did not choose a secret at boot, a default secret is generated with a statement that disables all methods.
The server admin would then have a safe default with obvious minimal changes to allow the appropriate access.
Please sign in to leave a comment.
1 Comments