Paper
Block bungee bound plugin messages if we aren't behind a proxy
Is your feature request related to a problem?
Plugins will send bungee plugin messages, assuming they are behind a proxy which will intercept them. This can cause info leaks if the server for some reason isn't bungee.
Describe the solution you'd like.
Paper knows whether it's behind a proxy; we should discard outgoing bungee plugin messages and perhaps warn to console if they aren't on backend, instead of sending to the players.
Describe alternatives you've considered.
Using ProtocolLib to block them?
Other
No response
Just tested, and seems like the plugin messages aren't sent? I can't find the code that is discarding it though.
It's not really Paper's responsibility to prevent plugins from doing stupid things. Plugins can themselves check if the server is running behind a proxy or not, and then simply not send such messages.
The server won't send plugin messages to an unregistered channel, i.e. the only way those clients would get that info would be if their client specifically asked for it, in which case, you have malicious players.
I don't think that this is our role. Maybe we should expose this state in the API to make it easier for plugins, but this is one of those weird areas where we'd only be masking the issue for a bunch of plugins; it's not really our role to patchwork over security issues from other plugins.
Not to mention that plugin messaging is a perfectly valid way of communicating with client mods, and there are several plugins out there that do; if a plugin doesn't want to send a payload to the actual client, it would be the plugin's responsibility to check whether the server is connected to a proxy before sending the payload. API for that could be added; I don't think that exists right now.
> It's not really Paper's responsibility to prevent plugins from doing stupid things. Plugins can themselves check if the server is running behind a proxy or not, and then simply not send such messages.
I can assure you that approximately 0 plugins currently, or ever will do this.
> > It's not really Paper's responsibility to prevent plugins from doing stupid things. Plugins can themselves check if the server is running behind a proxy or not, and then simply not send such messages.
>
> I can assure you that approximately 0 plugins currently, or ever will do this.
Does not mean it's Paper's responsibility to fix a plugin issue, it isn't really viable without sacrificing the plugins that do intend to communicate with clients. If anything, stable API for checking whether the server is behind a proxy should be added, and the documentation on using plugin messages altered to mention and account for that.
> > > It's not really Paper's responsibility to prevent plugins from doing stupid things. Plugins can themselves check if the server is running behind a proxy or not, and then simply not send such messages.
> >
> > I can assure you that approximately 0 plugins currently, or ever will do this.
>
> Does not mean it's Paper's responsibility to fix a plugin issue, it isn't really viable without sacrificing the plugins that do intend to communicate with clients. If anything, stable API for checking whether the server is behind a proxy should be added, and the documentation on using plugin messages altered to mention and account for that.

Why would a plugin use bungee namespace to communicate with clients? Impossible.
Going to close this after some further discussion. Most plugins provide a configuration option to enable their proxy features, or check for the presence of such a setup themselves. It's not Paper's responsibility to prevent issues with wrongly configured plugins, or to fix badly implemented plugins.
However, adding API that makes checking for a proxy setup easier is something that could be PR'ed to Paper.
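
The plugin-side mitigation the thread settles on, a configuration option that gates the plugin's proxy features, could look like the following. This is an added example, not code from Paper or from any plugin mentioned in the thread; the class name `ProxyAwarePlugin`, the config key `proxy.enabled` and the method `connectToServer` are hypothetical.

```java
import com.google.common.io.ByteArrayDataOutput;
import com.google.common.io.ByteStreams;
import org.bukkit.entity.Player;
import org.bukkit.plugin.java.JavaPlugin;

// Hypothetical plugin: proxy-bound messages are opt-in and dropped by default.
public final class ProxyAwarePlugin extends JavaPlugin {
    private static final String BUNGEE_CHANNEL = "BungeeCord";
    private boolean proxyEnabled;

    @Override
    public void onEnable() {
        // "proxy.enabled" is an assumed key; it defaults to false so a
        // standalone server never emits proxy-bound payloads to players.
        getConfig().addDefault("proxy.enabled", false);
        getConfig().options().copyDefaults(true);
        saveConfig();
        proxyEnabled = getConfig().getBoolean("proxy.enabled");

        if (proxyEnabled) {
            // Only register the outgoing channel when the admin opted in.
            getServer().getMessenger().registerOutgoingPluginChannel(this, BUNGEE_CHANNEL);
        } else {
            getLogger().info("proxy.enabled is false; BungeeCord plugin messages are disabled.");
        }
    }

    @Override
    public void onDisable() {
        getServer().getMessenger().unregisterOutgoingPluginChannel(this);
    }

    /** Asks the proxy to move the player; returns false if the message was dropped. */
    public boolean connectToServer(Player player, String serverName) {
        if (!proxyEnabled) {
            // Discard and warn instead of handing the payload to the client.
            getLogger().warning("Dropped BungeeCord 'Connect' message for "
                    + player.getName() + ": proxy support is disabled in config.yml.");
            return false;
        }
        ByteArrayDataOutput out = ByteStreams.newDataOutput();
        out.writeUTF("Connect");   // BungeeCord subchannel
        out.writeUTF(serverName);
        player.sendPluginMessage(this, BUNGEE_CHANNEL, out.toByteArray());
        return true;
    }
}
```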