Mod

ServerConfigCleaner

Quick rating

ServerConfigCleaner

No reviews yet

Avoids syncing sensitive values in configs to the client

Bug Fixes
Mod Loaders
Forge
NeoForge
Minecraft

Community voices

Reviews

Versions
Loading versions…
Match includes

Click once to include, again to exclude, again to clear

Rating Any
Any 0.5 1.0 1.5 2.0 2.5 3.0 3.5 4.0 4.5 5.0
Min
Max
Play Status
Reviews
Time Played
hrs+
Verified developers only
Has developer response
List view
Grid view
Compact view
Sort by
Date
Rating
Helpful
Unhelpful
Edited
Sort ascending
Delete this review?

This removes your review from the project. You can write a new review after.

Review submitted for moderation

Your review has been sent to moderators, who will check that it meets our guidelines before it appears publicly.

No reviews yet. Be the first to review this project!

Get it on

Available Platforms

Compatibility

Supported Environments

Dev Environment
Client Unsupported
Server Required

About

Project Details

Type
Mod
License
MIT License
Latest Version
ServerConfigCleaner-1.1-1.21.0-neo.jar

For authors

Embed Badge

If you're the author of this project, you can embed a live badge anywhere that supports HTML or Markdown. It updates automatically whenever ratings change.

Custom banner text
ModDex rating badge preview

Use HTML for any page that supports it, or Markdown for README files and Markdown-based descriptions.

Identifiers

Platform IDs

CurseForge ID
Modrinth ID

Resources

External Links

Source Issues Wiki Discord

About

Description

NeoForge and MinecraftForge sync the entire content of all "server configs" to the client. Since this is not clear from the naming, some mods ended up putting secret values in these configs, e.g. Discord bot tokens. If you run a server using a mod with this issue, this allows any user that can join your server to access these values. This mod avoids this by removing sensitive values before the config is sent to the client.

Versions

Since this mod covers a wide range of Minecraft versions and two modloaders, the versioning scheme is somewhat complicated. See the table below for the correct version for your loader and Minecraft version.

Loader Minecraft version Mod version suffix
MinecraftForge 1.13.2 - 1.16.5 -1.13.2
MinecraftForge 1.17.x - 1.20.1 -1.17.1
NeoForge 1.20.1 -1.17.1
MinecraftForge 1.20.2+ -1.20.2-mcf
NeoForge 1.20.2 - 1.20.5 -1.20.2-neo
NeoForge 1.21.0+ -1.21.0-neo

How it works

This mod works in two stages: First, it detects config options that potentially contain sensitive information during launch. Since this is done using a very rough heuristic, the options that are found have to be manually classified in the config/serverconfigcleaner-common.toml config file:

  1. Most of them will be false positives, harmless options that happen to match the heuristic. For example, the option logistics.seatHostileMobs in Create would be marked as a potentially sensitive option since it contains the string Host. These config values have to be added to the falsePositives list.
  2. Some of them may be options that contain actual sensitive values. These options have to be added to the doNotSync list in the same format, e.g. doNotSync = ["mymod:discord.token"].

To continue the launch, all found values have to be classified in the ServerConfigCleaner config. The mod ships with a list of known false positives and known "problematic" options (the latter not in plaintext). Therefore, you should usually not have to do anything at this stage. If you have to add values manually, see below on getting them added to the default lists.

In the second stage, the mod intercepts the config sync on the server. If a value was marked as sensitive in the config after the first stage, the value will be replaced by the default value before being synced to the client. Since the default value for sensitive options is generally a meaningless constant value provided by the developer (e.g. INSERT BOT TOKEN HERE), this can be sent to the client without revealing any secret information.

Reporting missed values

If you run into false positives that are not in the default list in the config, please create an issue listing them.

If you find any server config options that contain sensitive information and are not part of the default set of sensitive options, please do not create an issue with these options. Instead, please get in touch with either malte0811 (Discord: malte0811; e-mail available on GitHub profile) or ThatGravyBoat (Discord: thatgravyboat).

NeoForge and MinecraftForge sync the entire content of all "server configs" to the client. Since this is not clear from the naming, some mods ended up putting secret values in these configs, e.g. Discord bot tokens. If you run a server using a mod with this issue, this allows any user that can join your server to access these values. This mod avoids this by removing sensitive values before the config is sent to the client.

Versions

Since this mod covers a wide range of Minecraft versions and two modloaders, the versioning scheme is somewhat complicated. See the table below for the correct version for your loader and Minecraft version.

Loader Minecraft version Mod version suffix
MinecraftForge 1.13.2 - 1.16.5 -1.13.2
MinecraftForge 1.17.x - 1.20.1 -1.17.1
NeoForge 1.20.1 -1.17.1
MinecraftForge 1.20.2+ -1.20.2-mcf
NeoForge 1.20.2 - 1.20.5 -1.20.2-neo
NeoForge 1.21.0+ -1.21.0-neo

How it works

This mod works in two stages: First, it detects config options that potentially contain sensitive information during launch. Since this is done using a very rough heuristic, the options that are found have to be manually classified in the config/serverconfigcleaner-common.toml config file:

  1. Most of them will be false positives, harmless options that happen to match the heuristic. For example, the option logistics.seatHostileMobs in Create would be marked as a potentially sensitive option since it contains the string Host. These config values have to be added to the falsePositives list.
  2. Some of them may be options that contain actual sensitive values. These options have to be added to the doNotSync list in the same format, e.g. doNotSync = ["mymod:discord.token"].

To continue the launch, all found values have to be classified in the ServerConfigCleaner config. The mod ships with a list of known false positives and known "problematic" options (the latter not in plaintext). Therefore, you should usually not have to do anything at this stage. If you have to add values manually, see below on getting them added to the default lists.

In the second stage, the mod intercepts the config sync on the server. If a value was marked as sensitive in the config after the first stage, the value will be replaced by the default value before being synced to the client. Since the default value for sensitive options is generally a meaningless constant value provided by the developer (e.g. INSERT BOT TOKEN HERE), this can be sent to the client without revealing any secret information.

Reporting missed values

If you run into false positives that are not in the default list in the config, please create an issue listing them.

If you find any server config options that contain sensitive information and are not part of the default set of sensitive options, please do not create an issue with these options. Instead, please get in touch with either malte0811 (Discord: malte0811; e-mail available on GitHub profile) or ThatGravyBoat (Discord: thatgravyboat).

Screenshots

Gallery

This project has no gallery images yet.

Versions

Files

Relations

Project Relations

More like this

Similar Mods

Suggestions use data such as tags, dependencies, dependents, descriptions, titles, and more to rank how much they overlap with this mod.

On ModDex

Community snapshot

0
Ratings
0
Followers
0
In stacks

By the numbers

Statistics

~370,000
Total Downloads
CurseForge
~370,000
Modrinth
~1,000
Last Updated
CurseForge
Created
CurseForge
Modrinth
Last synced
When ModDex last fetched and imported data for this project from CurseForge or Modrinth. High-traffic and active projects are checked more often.
Next pipeline sync