Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2010.12.16 16:39:00 -
[1]
We are pleased to announce that EveBB forum sotware is now available for download.
EveBB is a fast, light, user-friendly forum application for the EVE-Online community.
EveBB has been designed as a lighter, faster alternative to some of the traditional feature heavy forum applications. It is easy to use and includes many unique features designed specifically for the EVE-Online community.
Features
■ Supports PHP4 & PHP5 ■ Supports MySQL ■ Produces valid XHTML 1.0 Strict pages ■ Easily translated (v1.4 supports UTF-8) ■ Easy installation and setup ■ Two versions - Corporation & Alliance Editions ■ API Registration ■ Option to restrict access and only allow corps on the "allowed" list ■ Automatic importing of character name & avatars ■ Version tracking for forum software updates ■ Banner uploading ■ Automatic and manual account checking
For further information & to download EveBB please visit our website at http://www.eve-bb.com
-TW-
|
Squizz Caphinator
Woopatang
|
Posted - 2010.12.16 16:49:00 -
[2]
As someone who's been heavily involved in forum and api integration, I certainly plan to check this out. It certainly looks clean!
How about some questions that I'm sure the community will ask:
* Is this a home grown forum or based on something proven? * How are the APIs stored? Are they encrypted? * Can I only allow people in my Corp/Alliance to register? * What about reds, will the forum tell me if someone has an alt in a red corp/alliance? * Can/will it integrate with TS3 or Mumble?
You'll get plenty more questions I'm sure, this is just a primer.
Nice work and good luck! -- ESAM: SMF API Integration
EDK3 Augmented Banner Mod |
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2010.12.16 17:16:00 -
[3]
Hi Squizz and thanks for the questions. I have used ESAM since the beginning and found it to be an excellent product. I'll try and answer your questions in the order they were asked......
* Is this a home grown forum or based on something proven?
EveBB has been built on FluxBB which is a popular piece of forum software. However we do not intend to follow the FluxBB pathfrom this point on but to develop the software ourselves. As it stands at the moment though using FluxBB as a base has it's advantages as many of the plugins out there will work with EveBB.
* How are the APIs stored? Are they encrypted?
This is a very good question. At the moment they are not encrypted, as any encryption would need to be two way (and thus not nearly as effective as one way hashs). You do not use your API to login over and over however, so the only people that will have access to your keys will be the people with database access. Also it doesn't require Full aPI keys, so the risk associated with it are minimal to begin with and to be honest, if you have people poking in your database, you have bigger worries than how your limited API's are stored...
We are however going to look into the possibilities of making them "more secure" in a later release.
* Can I only allow people in my Corp/Alliance to register?
Yes you can. There is an option to restrict registration which stops any public registration. You can then add corporations to an allowed list and add a rule to move them to a particular group. This make the board quite secure.
* What about reds, will the forum tell me if someone has an alt in a red corp/alliance?
This will be a feature in a future release. We intend to allow administrators to see a members alt character(s) on the same account that they registered with.
* Can/will it integrate with TS3 or Mumble?
Again this is planned for a future release along with a CMS and killboard plugin.
This is the first release of something that we are hoping will get a good following. We encourage people to develop plugins and mods for themselves and to share them with the community.
Thanks
-TW-
|
Max Cetera
Capital Researchs Inc.
|
Posted - 2010.12.16 18:15:00 -
[4]
Originally by: Squizz Caphinator * How are the APIs stored? Are they encrypted?
Why would anyone ever want to encrypt data that will need to be decrypted quite often (and by the same machine) for updates
|
Catari Taga
Centre Of Attention Middle of Nowhere
|
Posted - 2010.12.16 18:19:00 -
[5]
Originally by: Max Cetera
Originally by: Squizz Caphinator * How are the APIs stored? Are they encrypted?
Why would anyone ever want to encrypt data that will need to be decrypted quite often (and by the same machine) for updates
Marketing. --
|
BeanBagKing
Terra Incognita Black Star Alliance
|
Posted - 2010.12.16 20:44:00 -
[6]
Originally by: Max Cetera
Originally by: Squizz Caphinator * How are the APIs stored? Are they encrypted?
Why would anyone ever want to encrypt data that will need to be decrypted quite often (and by the same machine) for updates
I'll use killboards as a great example here. A lot of CEO's wouldn't want to give their full API to anyone, even their own member running a killboard (the guy with the host/technical knowledge may not be the most trusted). However, they would have no problem signing up for eve-kill.net because there the API keys can be encrypted, so that nobody ever sees them, even the database managers.
Now that's a full API key, so there are differences, but it's just an example of a real issue I've already run into in my time. People will probably use this software and create a hosting platform for multiple alliances/corps. If they know that their key is secure and will never be seen by anyone, not even the system admins, they'll probably be a lot more comfortable. However, if the admin plays Eve and they keys aren't encrypted, it would be worth a LOT to some alliances to have a giant database full of api keys and characters (and matching IPs?!?!).
TLDR; you don't always trust the person with database access, nor should you, encrypting they keys would be a very good thing, and personally, I'd like to see this as the next step in the development of this software.
|
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2010.12.16 21:15:00 -
[7]
Edited by: Thorin Wren on 16/12/2010 21:15:58
Originally by: BeanBagKing I'd like to see this as the next step in the development of this software.
We will be looking into this for a future release. Please remember that the system only asks for limited api keys not full keys. Most corporations and alliances will ask for these when you apply to join them. It appears to be normal practice for corps/alliances to check a pilots background, alts and skill points prior to letting them join by using a limited api key.
Also the keys are only present in the database and do not appear anywhere on the board. The database is the only place you would be able to see them.
-TW-
|
Squizz Caphinator
Woopatang
|
Posted - 2010.12.16 21:17:00 -
[8]
Thorin, good answers!
Just in case you don't know yet: Alliance information has been added to the Character sheet. Depending on how your code is setup, you might be able to completely avoid dealing with Alliance XML in most situations. -- ESAM: SMF API Integration
EDK3 Augmented Banner Mod |
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2010.12.16 21:30:00 -
[9]
Originally by: Squizz Caphinator Thorin, good answers!
Just in case you don't know yet: Alliance information has been added to the Character sheet. Depending on how your code is setup, you might be able to completely avoid dealing with Alliance XML in most situations.
We do cache that information when we fetch the character sheet, however in respect to alliances we use the alliance list to get the full corp list for the user on one click (so to speak), this allows them to setup rules for corps that have not registered yet with ease, and they don't have to manually fiddle around to find their CorpID's to add the corp manually.
We also use the alliance list to keep the status of alliances (the corp lists, member count, etc) up to date, although how often this is done depends on the users own settings for the cron jobs (which are not enabled by default; it will do it on a page load).
-TW-
|
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2010.12.17 12:56:00 -
[10]
Just to let everyone know, you can contact us in one of the following ways..............
In-Game Public Channel: EVE-BB
Out of Game Support Forums: http://www.eve-bb.com/forum
Thanks
-TW-
|
|
Max Cetera
Capital Researchs Inc.
|
Posted - 2010.12.17 13:09:00 -
[11]
Originally by: BeanBagKing
Originally by: Max Cetera
Originally by: Squizz Caphinator * How are the APIs stored? Are they encrypted?
Why would anyone ever want to encrypt data that will need to be decrypted quite often (and by the same machine) for updates
I'll use killboards as a great example here. A lot of CEO's wouldn't want to give their full API to anyone, even their own member running a killboard (the guy with the host/technical knowledge may not be the most trusted). However, they would hav there the API keys can be encrypted, so that nobody ever sees them, even the database managers.
Now that's a full API key, so there are differences, but it's just an example of a real issue I've already run into in my time. People will probably use this software and create a hosting platform for multiple alliances/corps. If they know that their key is secure and will never be seen by anyone, not even the system admins, they'll probably be a lot more comfortable. However, if the admin plays Eve and they keys aren't encrypted, it would be worth a LOT to some alliances to have a giant database full of api keys and characters (and matching IPs?!?!).
TLDR; you don't always trust the person with database access, nor should you, encrypting they keys would be a very good thing, and personally, I'd like to see this as the next step in the development of this software.
are u ******ed or something ?? U will always need to decrypt the key to send it to eve apik server. So anyone with access to the server has access to both the decrypt function and the server that also sends it in clear text
|
BeanBagKing
Terra Incognita Black Star Alliance
|
Posted - 2010.12.17 19:20:00 -
[12]
Originally by: Max Cetera Stuff...
You seem to think that more security is a bad thing, not sure I understand why. Even a token gesture of security is better than none at all. The worst thing is giving someone a clear text list of a bunch of API keys. It would be much better if that list was encrypted. Sure someone out there could decrypt it, even if it was one way it could be brute forced in time, but that's extra effort. Maybe your host guy is capable of setting up a simple off the shelf instillation (upload files and a wizard doesn't require much knowledge), but sucks at actual programming, wouldn't know how to decrypt it if his life depended on it. Maybe your database got compromised, but that doesn't mean the code did, so it still can't be decrypted. It's that much less likely to be an issue.
Even better would be if it wasn't sent in cleartext either, but not much can be done about that. My point is that every step helps, when you simply remove yourself as the lowest hanging apple, even if it provides no real security, you've done a lot to protect yourself.
Also, it's you, not U. My grammar is far from perfect but really, it's two extra letters, is it that hard?
|
Max Cetera
Capital Researchs Inc.
|
Posted - 2010.12.17 19:40:00 -
[13]
Useless security is useless. Encrypting something to just decrypt it every 24 hours for updates is about as good for security as applying a hash function twice in a row on a password
And "any bit is security is good" is just massive bull****. When you release software and have "API Keys encrypted" in feature list, you imply that storage is somewhat secure when it's absolutely not.
|
Widerspruch
|
Posted - 2010.12.17 20:03:00 -
[14]
Awesome application. I have been using it for the last day or so and have a question. I want to have a forum restricted to a group of users (Alliance CEOs) while also having some other forums restricted by corporation. Is there a way to have a user be part of multiple groups? Say their respective Corporation group and a Leadership group.
|
Squizz Caphinator
Woopatang
|
Posted - 2010.12.17 20:14:00 -
[15]
While Max may have a point, his failure to constructively criticize the issue of encryption demonstrates that his opinion is neither informed or well thought out.
Any competent forum or server administrator will fully understand the implications of providing encryption in such environments that require forum and API integration. -- ESAM: SMF API Integration
EDK3 Augmented Banner Mod |
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2010.12.17 21:00:00 -
[16]
Originally by: Widerspruch Awesome application. I have been using it for the last day or so and have a question. I want to have a forum restricted to a group of users (Alliance CEOs) while also having some other forums restricted by corporation. Is there a way to have a user be part of multiple groups? Say their respective Corporation group and a Leadership group.
As a user of both the alliance and corporation packages myself this is something I was looking at. At the moment there is not but it is planned in a future release (probably the next one). The only way to do what you want at the moment is to manually assign CEOs to an admin user group and give them the permissions you seek. What we are looking at for the next release is to move the permissions to the user groups rather than the forums. This will hopefully make the eve rules a lot more flexible.
-TW-
|
Max Cetera
Capital Researchs Inc.
|
Posted - 2010.12.17 21:07:00 -
[17]
Originally by: Squizz Caphinator Any competent forum or server administrator will fully understand the implications of providing encryption in such environments that require forum and API integration.
The only security enhancement that could be made would be SSL on the forum itself (so transfer of API Key from user to database is secured), which is only up to the person hosting it, and the possibility of connecting to CCP's API server via SSL (or by using any decent form of encryption) too, which is "never" going to happen.
Anyway enough off-topic about a lol-feature that the OP didn't include in what seem to be a nice forum software.
|
WisdomPanda
Gallente Oberon Incorporated Morsus Mihi
|
Posted - 2010.12.17 21:18:00 -
[18]
Originally by: Max Cetera Useless security is useless. Encrypting something to just decrypt it every 24 hours for updates is about as good for security as applying a hash function twice in a row on a password
And "any bit is security is good" is just massive bull****. When you release software and have "API Keys encrypted" in feature list, you imply that storage is somewhat secure when it's absolutely not.
I think we're mixing the terms here a bit. People who want the information "encrypted" are generally thinking "obfuscated" instead. What most people are searching for is the ability to hide it from "casual observers". Although any system admin/developer/tech-head will shudder at the idea of having "casual observes" in your database... (However, that's not for us to decide, people will always be weird and wonderful variables. If only you could define them static...)
As to the issue as a whole: There is a simple truth; If the person has access to your webserver, they will be able to obtain your API information, regardless of how you store it or even where you store it. (You'll still need to get it, even if it's a on a remote DB server. The only difference being that if the remote DB server is the only one comprimised, encrypting your data may be of use.)
I do have a few ideas on how to reduce the window for abuse though, I'll need to see if it will effect performance or features first before it could even think about being added though.
Originally by: Widerspruch Awesome application. I have been using it for the last day or so and have a question. I want to have a forum restricted to a group of users (Alliance CEOs) while also having some other forums restricted by corporation. Is there a way to have a user be part of multiple groups? Say their respective Corporation group and a Leadership group.
FluxBB does not have support for multiple groups out of the box, I'll need to add it in to the base before we can add upon it. The refinement of rules will be one of the headline features for 1.0.0 however, with corp roles/specific characters also being able to play a role in group assignment. (This will more than likely include the addition of multiple groups per-user and the ability to set permissions per-group.)
1.0.0 should be out mid to late January. (It will vary depending on the final feature list agreed upon.) ----- Cheesecake, Natures ultimate weapon. |
graves warship
Caldari Hysterically Unforgiving Wildly Inappropriate.
|
Posted - 2010.12.18 08:46:00 -
[19]
installing it on a local machine to see what i can do with it now i get an error: Invalid username and/or password passed to UserData.LoginWebUser(). any ideas?
|
WisdomPanda
Gallente Oberon Incorporated Morsus Mihi
|
Posted - 2010.12.18 20:15:00 -
[20]
Edited by: WisdomPanda on 18/12/2010 20:15:31
Originally by: graves warship installing it on a local machine to see what i can do with it now i get an error: Invalid username and/or password passed to UserData.LoginWebUser(). any ideas?
Are you using xammp by chance?
If that doesn't shed some light on it, hit me up in game and we can get to the bottom of it. ----- Cheesecake, Natures ultimate weapon. |
|
Nate719
Gallente The Black Legionnares Fidelas Constans
|
Posted - 2010.12.20 06:06:00 -
[21]
I've got a small issue, I'm sure its my webserver... but its not fetching avatars.
|
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2010.12.20 09:45:00 -
[22]
Originally by: Nate719 I've got a small issue, I'm sure its my webserver... but its not fetching avatars.
Hi Nate,
Please could you visit http://www.eve-bb.com/forum and submit a bug report please. This is the quickest way to get things looked at and resolved.
Thanks
-TW-
|
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2010.12.31 08:38:00 -
[23]
So far so good!
Back to the top!
-TW-
|
Bruno Bourque
|
Posted - 2010.12.31 10:45:00 -
[24]
I posted this on your forums but it hasnt been approved yet so I will ask it here:
1. Do you have a release date in mind for 1.0.0. Yes encryption can be rather pointless BUT it goes a long way to encouraging people to enter it into a forum/killboard ect. Every eve player is paranoid, it helps to make them feel at ease.
2. For the next release or an upcoming one could it be possible to store LESS character information? Maybe have it selectable by the member themselves. For a forum, you dont need to know how much Isk a character has ect. You need Name, Corp, Alliance. Again, this goes to help encourage people to enter their API to get registered.
Someone mentioned that big corps ask for this already... yes they do. But smaller corps / alliances may not. So having the option for a user to choose to hand over no information but names, corps and alliances is good.
Thanks Hobo
|
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2011.01.01 12:10:00 -
[25]
Sorry Bruno, had the board set to put posts in the moderation queue by mistake. Now sorted and answered your post.
-TW-
|
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2011.01.04 12:14:00 -
[26]
Still working on those bugs and the next version but managed to find time to find a new theme. Have a look at http://www.eve-bb.com/forum/showthread.php?t=106
-TW-
|
Thorin Wren
EVE Guardian Angels EVESpace
|
Posted - 2011.01.05 10:56:00 -
[27]
Edited by: Thorin Wren on 05/01/2011 10:57:23 EveBB v0.9.3 available for download from http://www.eve-bb.com
Patch notes:
■ Fix for 128 pixel character images not showing. ■ Fix for manual group roles not sticking. ■ Minor CSS code changes to the default style. ■ Various minor bug fixes.
-TW-
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |