Minecraft: Difference between revisions

Line 46:

===Minecraft Beta pre-1.8's lack of authentication===

In version Beta 1.8, Mojang ~~has~~ changed the endpoint used for authentication on Minecraft servers from "www.minecraft.net" to "session.minecraft.net". ~~Unknown~~ amount of time later the original endpoint used for the authentication was shut down~~, breaking~~ authentication support for several old Minecraft versions, despite no actual changes in the behavior of the endpoint. The latter endpoint still works, despite being insecure (supports HTTP requests, with token being within the URL parameters) - this means that the shutdown is likely not a security concern.

In version Beta 1.8, Mojang changed the endpoint used for authentication on Minecraft servers from "www.minecraft.net" to "session.minecraft.net". An unknown amount of time later, the original endpoint used for the authentication was shut down. This broke authentication support for several old Minecraft versions, despite no actual changes in the behavior of the endpoint. The latter endpoint still works, despite being insecure (supports HTTP requests, with the token being within the URL parameters) - this means that the shutdown is likely not a security concern.

Lack of authentication has caused several Minecraft servers to:

*lose part of ~~the~~ playerbase due to a need ~~of modding~~ the game client (and server) to fix the authentication issue,

*lose part of their playerbase due to a need to mod the game client (and server) to fix the authentication issue,

*become completely insecure by allowing non-premium Minecraft users to join (e.g. opens the risk of botting the server, or brute-forcing user login passwords),

*become completely insecure by allowing non-premium Minecraft users to join (e.g. opens the risk of botting the server or brute-forcing user login passwords),

*break the EULA of the game due to allowing non-premium Minecraft users to join their server.

@@ Line 46: / Line 46: @@
 ===Minecraft Beta pre-1.8's lack of authentication===
 {{Main|Minecraft Beta pre-1.8's lack of authentication}}
-In version Beta 1.8, Mojang has changed the endpoint used for authentication on Minecraft servers from "www.minecraft.net" to "session.minecraft.net". Unknown amount of time later the original endpoint used for the authentication was shut down, breaking authentication support for several old Minecraft versions, despite no actual changes in the behavior of the endpoint. The latter endpoint still works, despite being insecure (supports HTTP requests, with token being within the URL parameters) - this means that the shutdown is likely not a security concern.
+In version Beta 1.8, Mojang changed the endpoint used for authentication on Minecraft servers from "www.minecraft.net" to "session.minecraft.net". An unknown amount of time later, the original endpoint used for the authentication was shut down. This broke authentication support for several old Minecraft versions, despite no actual changes in the behavior of the endpoint. The latter endpoint still works, despite being insecure (supports HTTP requests, with the token being within the URL parameters) - this means that the shutdown is likely not a security concern.
 Lack of authentication has caused several Minecraft servers to:
-*lose part of the playerbase due to a need of modding the game client (and server) to fix the authentication issue,
+*lose part of their playerbase due to a need to mod the game client (and server) to fix the authentication issue,
-*become completely insecure by allowing non-premium Minecraft users to join (e.g. opens the risk of botting the server, or brute-forcing user login passwords),
+*become completely insecure by allowing non-premium Minecraft users to join (e.g. opens the risk of botting the server or brute-forcing user login passwords),
 *break the EULA of the game due to allowing non-premium Minecraft users to join their server.