Skip to content

Exports

Jump to bottom Edit New page
dola edited this page Sep 18, 2011 · 6 revisions

SimpleServer can export some data for your own use. Have a look at the below sections to see what exports are provided by now. All exports can be enabled over an option in the simpleserver.properties file. The export files are saved in the simpleserver/exports/ folder and have a format similiar to the properties files of SimpleServer. (something like key=value)

Export files should not be changed since some of them only save changes and therefore wouldn't notice and correct changes that were manually done. So they are strictly read-only!

custAuth Export

This export provides login information so you can use them for other services on your server like a forum. The advantage is that (if you set onlineMode=true) every player has his real minecraft accountname and is therefore uniquely identifiable. This of course makes only sense if you have custAuth enabled on your server.

  • File name: custAuthData.txt
  • Location: simpleserver/exports/
  • Option: enableCustAuthExport (default it false)
  • Format: playerName=groupId,passwordHash

Entries are sorted ascending by playerName, which are stored in lower case.

passwordHashing

SimpleServer uses a relatively secure hashing method to store passwords. Like that it is hard for an attacker to find out what the password in clear text was but it's still simple for you to verify if someone submitted the right password when logging in.

The exact method of hashing in SimpleServer is best shown by the java code used for it:

public String getHash(String pw, String playerName) {
  byte[] salt = getSHA(playerName.toLowerCase().getBytes());
  byte[] pwArray = pw.getBytes();
  byte[] toHash = new byte[salt.length + pwArray.length];
  System.arraycopy(pwArray, 0, toHash, 0, pwArray.length);
  System.arraycopy(salt, 0, toHash, pwArray.length, salt.length);
  return hashToHex(getSHA(toHash));
}

private byte[] getSHA(byte[] s) {
  // returns SHA-256 Hash of a String
  shaMD = MessageDigest.getInstance("SHA-256");  // better move this out to a class constructor
  shaMD.reset();
  shaMD.update(s);
  byte[] encrypted = shaMD.digest();
  return encrypted;
}

private String hashToHex(byte[] pwHash) {
  StringBuffer hexString = new StringBuffer();
  for (byte element : pwHash) {
    hexString.append(Integer.toHexString(0xFF & element));
  }
  return hexString.toString();
}

So basically it uses the SHA-256 hash function to first hash the playerName as salt and then appends it to the unhashed password before hashing the whole bytearray again. The bytearray resulting of this is then converted to a hexadecimal string to be readable in the plaintext export.

To compare a entered password with the hash simply hash the input and see if it results in the same hash as you have of the export. Note: playerName is lower case and the password case sensitive

Other programming languages such as php directly return hex-strings from hashfunctions. An example how it could look in php:

<?php
function generateHash($pw, $playerName){
  $salt = hash("sha256", strtolower($playerName), true);
  return hash("sha256", $pw. $salt);
}
?>

See the documentation of the php hash() function for detailed information.

Add a custom footer
Add a custom sidebar
Clone this wiki locally