computertech/duckhunt
1
1
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
00e129d2f3158f99ccab4844f7d23520b608fdf3
duckhunt/ADMIN_SECURITY.md
ComputerTech312 f3a9c5b611 Security fixes, UI improvements, and game balance updates 
- Fixed critical security vulnerabilities in shop targeting system
- Fixed admin authentication bypass issues
- Fixed auto-rearm feature config path (duck_spawning.rearm_on_duck_shot)
- Updated duck spawn timing to 20-60 minutes for better game balance
- Enhanced inventory display formatting with proper spacing
- Added comprehensive admin security documentation
2025-09-26 19:06:26 +01:00

46 lines
1.1 KiB
Markdown
Raw Blame History

# Enhanced Admin Configuration
For better security, update your `config.json` to use hostmask-based admin authentication:
## Current (Less Secure) - Nick Only:
```json
{
"admins": [
"peorth",
"computertech",
"colby"
]
}
```
## Recommended (More Secure) - Hostmask Based:
```json
{
"admins": [
{
"nick": "peorth",
"hostmask": "peorth!*@trusted.domain.com"
},
{
"nick": "computertech",
"hostmask": "computertech!*@*.isp.net"
},
{
"nick": "colby",
"hostmask": "colby!user@192.168.*.*"
}
]
}
```
## Migration Notes:
- The bot supports both formats for backward compatibility
- Nick-only authentication generates security warnings in logs
- Hostmask patterns use shell-style wildcards (* and ?)
- Consider using registered nick services for additional security
## Security Benefits:
- Prevents nick spoofing attacks
- Allows IP/hostname restrictions
- Provides audit logging of admin access
- Maintains backward compatibility during migration
Reference in New Issue View Git Blame Copy Permalink