Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.xreatlabs.space/llms.txt

Use this file to discover all available pages before exploring further.

Security Features

NexAuth implements enterprise-grade security measures to protect player accounts and server integrity.

Core Security Features

Brute Force Protection

security {
    login {
        backoff {
            # Whether to apply exponential login backoff after wrong password attempts.
            enabled=false
            # Initial login backoff in milliseconds.
            initial-ms=1000
            # Maximum login backoff in milliseconds.
            max-ms=30000
            # Multiplier used by login backoff.
            multiplier=2
        }
        lockout {
            # Whether to lock login attempts after repeated failures.
            enabled=false
            # Wrong login attempts threshold before lockout is applied.
            threshold=10
            # Lockout duration in milliseconds after reaching threshold.
            duration-ms=300000
        }
    }
}

Password Requirements

# The minimum length of a password. Set to negative to disable.
minimum-password-length=-1

Rate Limiting

# Sets the maximum amount of accounts that can be registered from the same IP address.
# Set to zero or less to disable.
# !!THIS IS NOT RECOMMENDED!! Due to the lack of IPv4 addresses, sometimes even entire villages share the same IP address.
ip-limit=-1

Data Encryption

  • Password hashing - bcrypt with salt
  • Session data - Encrypted storage
  • Sensitive fields - AES-256 encryption
  • Database connections - SSL/TLS support

Monitoring & Logging

# Should we enable debug mode? This will print out debug messages to the console.
debug=true

Best Practices

Next Steps

API Reference

Explore the security API for custom integrations.