Establish all permissions as op required #86
Conversation
Implements a permission that server owners to use that can grant them all the commands that a player may need to use the plugin.
Remove all player's access to imageframe permissions by default, this is a security risk and access should only be granted selectively
Oribuin
changed the title
|
a much needed change |
|
I think this is a reasonable change. Although perhaps we could just put |
|
Personally, I don't think any permission should be granted by default (except small examples like an mcmmo permission to actually use a skill) |
|
Usually I leave some default functions on |
|
In my opinion it is safer to have things disabled unknowingly than enabled so there's no adverse and/or unexpected effects for server operators, resulting in yet more change requests |
hello, after using this plugin on a production environment, we were unaware that players by default had access to import their own image from any source, and assumed it was locked behind permission as it should've been, we were swiftly mistaken.
Players having access to command that establishes a web connection, allowing them to import any image into the server with no way of tracking it is a severe oversight. The type of images that someone could just upload onto a server shouldn't need to be expressed.
I have implemented a new permission,
imageframe.player, which can be granted to players to provide them access to all the previous permissions they had access to prior to this change.I understand this change will result in a large influx of angry "my players have lost access to all their commands >:(" but, I think that is a valuable price to pay for the risk of highly graphic images being uploaded with no prior knowledge.
thank u!