Currently, anything can send note requests for any player on the server without authentication. This poses a huge security (and annoyance) risk. There should be some form of authentication to prevent player notes from being accepted from any sender but themself. There are a variety of ways that we could handle this.
- Grab the IP of the note request's sender and ensure that it is the same as the IP of the player.
- Con: This method would prevent proxies from being used. Additionally, if the user is connecting on a device using a different IP address than what they're connecting to the server with (e.g. a phone on a cell tower), the IPs won't match either.
- Pro: No player setup required.
- Via some command, send the player a unique "token" (password) which they must enter on the web interface (or send with each request) which would then be checked against.
- Con: Requires player setup.
- Pro: Virtually foolproof, easy to use and understand, and can work on any device.
Another question is, should authentication even be handled by mcmidi/server, or should it be left up to individual plugins depending on mcmidi to implement authentication themselves?
Currently, anything can send note requests for any player on the server without authentication. This poses a huge security (and annoyance) risk. There should be some form of authentication to prevent player notes from being accepted from any sender but themself. There are a variety of ways that we could handle this.
Another question is, should authentication even be handled by mcmidi/server, or should it be left up to individual plugins depending on mcmidi to implement authentication themselves?