Security Issues
The most sensitive information on the server would be the user's information from Discord, including the Discord username, global name, ID, and avatar. This information is easily attainable by anyone who shares a server with the user. This information will be kept on the host machine (the machine that hosts the VMs that the Minecraft servers run on). This will make it even more inaccessible than it would be if users had direct access to the VM in the first place. The host machine is kept in the basement of my house behind a locked door.
Right now, there is a vulnerability that allows users to execute arbitrary code on the Minecraft server's VM, which isn't great. But I know about it and I will fix it ASAP, and it will be gone by the time the website is published. There will be some security issues I will have to solve when I allow users to upload files to the website, though uploading files will not be a priority and will not be finished by the time the website is published. If a user bypasses my future methods and is able to get access to the VM, they would need to somehow exit the session, which I have found to be impossible. He or she could still try to SSH into another machine on the network, but I can block outgoing SSH connections. He or she could also access the machine's files, but I intend to set up a user on the VM specifically for the connection from the website. I also plan to set up permissions to limit access as much as necessary.