Is there any way as a server admin to find the password for someone's password sytem?

I'm a server admin, and I would like to know what people put for there passwords on there systems? is there any way to do this?

Im not sure that that is moraly right…

Anyway, try hacking the computers themself.

If your the server admin just go into the save folder for the server and there will be a folder called computer. Inside it will be a folder for each computer on the server. Open the code and find the passwords or where they are storing them.

The ability to do this does not make it an ethical thing to do. This is something that a bad admin would do.

Lyqyd, on 08 September 2012 - 05:05 AM said:

The ability to do this does not make it an ethical thing to do. This is something that a bad admin would do.

Why not? It's on their server.

I mean, my preference would be to just go through the door using //thru, but still. If anybody is using the same password on computercraft as they do for other stuff, they're foolish beyond measure.

Being the admin of a server certainly gives you the physical ability to do whatever you want to the server and the players playing on it, but this sort of thing is a significant breach of trust. It's not a nice thing to do to your players. If they're password protecting things, it should be fairly obvious that they don't want to be sharing that space. Just because being an admin gives you the ability to bypass those restrictions, doesn't make bypassing them the right thing to do.

Depends on the reason why the admin wants the access. I'm sure there are totaly valid reasons why an admin would want/need this information/access.

luanub, on 08 September 2012 - 06:30 AM said:

Depends on the reason why the admin wants the access. I'm sure there are totaly valid reasons why an admin would want/need this information/access.

Like… er… Well, there's the… that thing… no? I really don't see any reason why an admin would abuse his position to take his users' passwords besides douchebaggery.

luanub, on 08 September 2012 - 03:58 AM said:

If your the server admin just go into the save folder for the server and there will be a folder called computer. Inside it will be a folder for each computer on the server. Open the code and find the passwords or where they are storing them.

Thanks.

luanub, on 08 September 2012 - 06:30 AM said:

Depends on the reason why the admin wants the access. I'm sure there are totaly valid reasons why an admin would want/need this information/access.

EternalFacepalm, on 08 September 2012 - 10:37 AM said:

luanub, on 08 September 2012 - 06:30 AM said:

Depends on the reason why the admin wants the access. I'm sure there are totaly valid reasons why an admin would want/need this information/access.

Like… er… Well, there's the… that thing… no? I really don't see any reason why an admin would abuse his position to take his users' passwords besides douchebaggery.

Say someones puts griefing info on there computer and Password Protects it?

Lyqyd, on 08 September 2012 - 06:13 AM said:

Being the admin of a server certainly gives you the physical ability to do whatever you want to the server and the players playing on it, but this sort of thing is a significant breach of trust. It's not a nice thing to do to your players. If they're password protecting things, it should be fairly obvious that they don't want to be sharing that space. Just because being an admin gives you the ability to bypass those restrictions, doesn't make bypassing them the right thing to do.

As an Admin, I have the ability and the right to check on anything on the server. If that requires bypassing a password, so be it. I've never had to do it, but I would if I felt a need. And I'd feel totally fine with an admin on a server I play doing it. Like I said before, using a password in CC that you actually care about is just plain foolish, and if you do, the admin getting it is the least of your worries.

I can bypass their chest protections, their area protections, hell even their inventory. Why not their computers?

Mrawesomecookie, on 08 September 2012 - 04:00 PM said:

Say someones puts griefing info on there computer and Password Protects it?

What the hell is "griefing info"? A log of what they've griefed? … really?

EternalFacepalm, on 08 September 2012 - 11:14 PM said:

Mrawesomecookie, on 08 September 2012 - 04:00 PM said:

Say someones puts griefing info on there computer and Password Protects it?

What the hell is "griefing info"? A log of what they've griefed? … really?

I could make a program that does nothing other than waste computer resorces and crash the server. Then protect the computer so you cant see it.

Or, I could have a pass word door that one does not just tp through, examples being a force feild lazer armed exploding door from hell. (tekkit is fun)

But using adminly powers to obtain passwords is definatly not right.

If it was me, I'd probably just ban the person then delete the files. Wouldn't really matter if I looked at their password or not at that point.

It would be kind of fun to put in new code, leave them a little message and then when they see it ban them…

D3matt, on 08 September 2012 - 05:10 PM said:

Lyqyd, on 08 September 2012 - 06:13 AM said:

Being the admin of a server certainly gives you the physical ability to do whatever you want to the server and the players playing on it, but this sort of thing is a significant breach of trust. It's not a nice thing to do to your players. If they're password protecting things, it should be fairly obvious that they don't want to be sharing that space. Just because being an admin gives you the ability to bypass those restrictions, doesn't make bypassing them the right thing to do.

As an Admin, I have the ability and the right to check on anything on the server. If that requires bypassing a password, so be it. I've never had to do it, but I would if I felt a need. And I'd feel totally fine with an admin on a server I play doing it. Like I said before, using a password in CC that you actually care about is just plain foolish, and if you do, the admin getting it is the least of your worries.

I can bypass their chest protections, their area protections, hell even their inventory. Why not their computers?

My point is that you shouldn't be bypassing any of that just because. If there are valid reasons like a sudden overabundance of diamond equipment, it might be worth looking to see whether they're acquiring things legitimately or not. But bypassing those sorts of things because you feel like it is terrible abuse of admin privileges.

Lyqyd, on 09 September 2012 - 03:19 AM said:

D3matt, on 08 September 2012 - 05:10 PM said:

Lyqyd, on 08 September 2012 - 06:13 AM said:

Being the admin of a server certainly gives you the physical ability to do whatever you want to the server and the players playing on it, but this sort of thing is a significant breach of trust. It's not a nice thing to do to your players. If they're password protecting things, it should be fairly obvious that they don't want to be sharing that space. Just because being an admin gives you the ability to bypass those restrictions, doesn't make bypassing them the right thing to do.

As an Admin, I have the ability and the right to check on anything on the server. If that requires bypassing a password, so be it. I've never had to do it, but I would if I felt a need. And I'd feel totally fine with an admin on a server I play doing it. Like I said before, using a password in CC that you actually care about is just plain foolish, and if you do, the admin getting it is the least of your worries.

I can bypass their chest protections, their area protections, hell even their inventory. Why not their computers?

My point is that you shouldn't be bypassing any of that just because. If there are valid reasons like a sudden overabundance of diamond equipment, it might be worth looking to see whether they're acquiring things legitimately or not. But bypassing those sorts of things because you feel like it is terrible abuse of admin privileges.

I did not say I would bypass it "just for fun", but I'm saying that it's fully within the realm of admin powers. ANY abuse of admin powers is a bad thing, this is no different. it should be considered as part of the realm of admin priveleges, and you should expect that nothing you put on your CC computer is safe or private, either from an admin or other sources.

Why is your CC computer so private to you anyway? It's just minecraft stuff. The worst I could do is steal your programs.

D3matt, on 09 September 2012 - 06:29 AM said:

Lyqyd, on 09 September 2012 - 03:19 AM said:

D3matt, on 08 September 2012 - 05:10 PM said:

Lyqyd, on 08 September 2012 - 06:13 AM said:

Being the admin of a server certainly gives you the physical ability to do whatever you want to the server and the players playing on it, but this sort of thing is a significant breach of trust. It's not a nice thing to do to your players. If they're password protecting things, it should be fairly obvious that they don't want to be sharing that space. Just because being an admin gives you the ability to bypass those restrictions, doesn't make bypassing them the right thing to do.

As an Admin, I have the ability and the right to check on anything on the server. If that requires bypassing a password, so be it. I've never had to do it, but I would if I felt a need. And I'd feel totally fine with an admin on a server I play doing it. Like I said before, using a password in CC that you actually care about is just plain foolish, and if you do, the admin getting it is the least of your worries.

I can bypass their chest protections, their area protections, hell even their inventory. Why not their computers?

My point is that you shouldn't be bypassing any of that just because. If there are valid reasons like a sudden overabundance of diamond equipment, it might be worth looking to see whether they're acquiring things legitimately or not. But bypassing those sorts of things because you feel like it is terrible abuse of admin privileges.

I did not say I would bypass it "just for fun", but I'm saying that it's fully within the realm of admin powers. ANY abuse of admin powers is a bad thing, this is no different. it should be considered as part of the realm of admin priveleges, and you should expect that nothing you put on your CC computer is safe or private, either from an admin or other sources.

Why is your CC computer so private to you anyway? It's just minecraft stuff. The worst I could do is steal your programs.

Oh, so you do agree? Excellent. See, the reason I raised the point in the first place was because of the original post:

Mrawesomecookie, on 08 September 2012 - 03:25 AM said:

I'm a server admin, and I would like to know what people put for there passwords on there systems? is there any way to do this?

He wanted to know what the passwords were. That's hinky, and not in line with things-that-are-necessary-to-administrate-properly.

Also, my CC computers aren't private per se, but if someone you play with abuses admin privileges to gain access to information that they want, not need, that wouldn't be available without admin powers, that would be upsetting. It's not about what they stand to gain necessarily, but it's a breach of trust.

It's worth noting, that sometimes the password is needed to gain the access to private data. Not providing it to the moderators can only create additional problems, as the lack of access to data in a form designed to be read can be considered as obstruction of justice and punishable. The computer may be also taken from its owner, so asking him/her to enter the password himself/herself would be needed every time the data is accessed.
You can say that the data could be saved on a disk, but:
1. That wouldn't be a good evidence
2. It's not always possible (without additional coding)

TL;DR:
Hacking or asking for password is OK but only when necessary, thinking otherwise is a proof of stupidity.
(Although when it's necessary, it's pretty much impossible to "hack" the password, as long as the security author isn't a complete idiot.)

Since you are an admin, I assume that you can place blocks everywhere.

Just place a disk drive with blank startup floppy next to a computer to reboot it. It will reboot into normal console and you can edit password program to see it.

You can look into server files, but it's difficult to determine ID of the computer without having access to it.

Have to agree with most people, Wanting to know someones password on their computer is wrong
A. That might be a personal password
B, It might be their MC Password

They have locked it for a reason stop trying to get into it.

StevenW129, on 09 September 2012 - 02:45 PM said:

Have to agree with most people, Wanting to know someones password on their computer is wrong
A. That might be a personal password
B, It might be their MC Password

They have locked it for a reason stop trying to get into it.

If you use either of those passwords in your CC programs your an idiot and deserve what you get if someone gains access to it.

After all, if you are playing on someone elses hardware, they already have access to them. They don't need to get the comp ID or anything they can just start going through the files in the folders until they find what they want.

I don't care how good of a person the admin is, I still would never ever put any of my personal passwords in a text file on someone elses computer. Its just stupid.

luanub, on 09 September 2012 - 09:51 PM said:

After all, if you are playing on someone elses hardware, they already have access to them. They don't need to get the comp ID or anything they can just start going through the files in the folders until they find what they want.

And what if the data is encrypted, and you need a key to decrypt it? You didn't think about this, huh.

Jajnick, on 09 September 2012 - 09:57 PM said:

luanub, on 09 September 2012 - 09:51 PM said:

After all, if you are playing on someone elses hardware, they already have access to them. They don't need to get the comp ID or anything they can just start going through the files in the folders until they find what they want.

And what if the data is encrypted, and you need a key to decrypt it? You didn't think about this, huh.

Doesn't matter. Still stupid to put a password that matters to you on somebody else's minecraft server. Why take the risk? Is it really that hard to remember another password for computercraft stuff? You don't even have to remember it, you can put it in a text file on your desktop if you really want to, because it's not anything that really matters.

A) They could get the encryption key from your encryption program, unless you're keeping the key in your head in which case why not just make a new password for it in the first place?
:D/>/> It's still being sent in plaintext
C) Encryption is breakable

Jajnick, on 09 September 2012 - 09:57 PM said:

luanub, on 09 September 2012 - 09:51 PM said:

After all, if you are playing on someone elses hardware, they already have access to them. They don't need to get the comp ID or anything they can just start going through the files in the folders until they find what they want.

And what if the data is encrypted, and you need a key to decrypt it? You didn't think about this, huh.

As the admin I have access to your files. I edit the code and have it save what you enter in a file for me. Unless you check your code every time you get on you'd have no clue.

I don't trust anyone but myself with that type of information.

technically speaking, even tho most people won't do it, you could write a piece of code that requires 2 passwords… 1 is saved and the other encrypts the first one and compares it with the saved one.
that way, the saved password would not help you.
Say a simple caesar shift… first password: cat, second password: aaa, and the stored password would be "dbu"
upside… admin can't hack your password…
downside… many combinations can yield the same result… bzs + bbb will also result in dbu… also, the admin can just put – infront of the lines that encode the password… but then again… he can just rewrite the whole thing and replace input = read() with input = "dbu" and problem solved…

besides… some servers tell you before you join "hey, everything you do is property of the admins"…

D3matt, on 10 September 2012 - 12:45 AM said:

A) They could get the encryption key from your encryption program, unless you're keeping the key in your head in which case why not just make a new password for it in the first place?
B) It's still being sent in plaintext
C) Encryption is breakable

A) There are better ways of checking if the password is correct than comparing it to one saved in the program (see my previous post).
B) Getting such information would be more like "hacking" real computers instead of the CC ones.
C) Everything is breakable. The encryption of data is the best way of protecting it, since the key must be known. The longer the key is - the harder it is to bruteforce it.

luanub, on 10 September 2012 - 02:35 AM said:

As the admin I have access to your files. I edit the code and have it save what you enter in a file for me. Unless you check your code every time you get on you'd have no clue.

And yes, I'd always check the code before executing it, if it's important.

Jajnick, on 10 September 2012 - 02:57 PM said:

A) There are better ways of checking if the password is correct than comparing it to one saved in the program (see my previous post).
:D/>/> Getting such information would be more like "hacking" real computers instead of the CC ones.
C) Everything is breakable. The encryption of data is the best way of protecting it, since the key must be known. The longer the key is - the harder it is to bruteforce it.

A) Now you're talking about hashing, not encryption.
:D/>/> Yes, and? Why take the chance when you can easily just use a different, unimportant, password?
C) And the server admin WILL know the key, unless you type the key AND the password in every time, in which case see my previous point A) (Why not just make a new password instead of going to such ridiculous lengths to keep it safe?) Encryption in the world world is generally used to protect point-to-point transmission, not protect end-point data, for good reason.