Madden Canrende
The Dark Space Initiative Scary Wormhole People
25
|
Posted - 2016.08.26 21:33:46 -
[31] - Quote
+1
Member of the #TweetFleet @Madden_Canrende
|
Dean Hekki
Nerapa Krabbing Industries
1
|
Posted - 2016.08.26 21:35:52 -
[32] - Quote
+1 |
Inspector General
The Dark Space Initiative Scary Wormhole People
0
|
Posted - 2016.08.26 21:37:03 -
[33] - Quote
+1 |
Harold Tuphlos
The Dark Space Initiative Scary Wormhole People
92
|
Posted - 2016.08.26 21:45:58 -
[34] - Quote
+1 because I'm not always in a leadership position in a fleet. |
Foedus Latro
Hard Knocks Inc. Hard Knocks Citizens
242
|
Posted - 2016.08.26 21:54:11 -
[35] - Quote
+1 because Exo told me to and he wears the pants in the wormhole family.
Just a wormhole guy
|
Rastuasi
The Dark Space Initiative Scary Wormhole People
43
|
Posted - 2016.08.26 21:54:15 -
[36] - Quote
+1 |
Valarian Dumonte
The Dark Space Initiative Scary Wormhole People
2
|
Posted - 2016.08.26 22:01:00 -
[37] - Quote
Foedus Latro wrote:+1 because Exo told me to and he wears the pants in the wormhole family.
LOL +1 |
Admiral Stretch
The Dark Space Initiative Scary Wormhole People
0
|
Posted - 2016.08.26 23:51:21 -
[38] - Quote
+1 |
Kyle Brutor
The Dark Space Initiative Scary Wormhole People
3
|
Posted - 2016.08.26 23:52:49 -
[39] - Quote
+1 |
T-Tommy Tucker
The Dark Space Initiative Scary Wormhole People
0
|
Posted - 2016.08.26 23:56:23 -
[40] - Quote
+1 |
|
Atreyu Kouvo
The Dark Space Initiative Scary Wormhole People
0
|
Posted - 2016.08.27 00:02:19 -
[41] - Quote
+1 |
Trenzalore Fields
OpSec. Wrong Hole.
1
|
Posted - 2016.08.27 02:32:31 -
[42] - Quote
+1 |
Dominous Nolen
We're Happy In Wormhole Space
214
|
Posted - 2016.09.05 19:53:25 -
[43] - Quote
+1. This is vital for wormhole corps to know details about hole life
@dominousnolen
|
Bellerian
Out of Focus Odin's Call
34
|
Posted - 2016.09.10 11:21:11 -
[44] - Quote
+1 |
Ezio Dicostanzo
Out of Focus Odin's Call
22
|
Posted - 2016.09.10 11:54:38 -
[45] - Quote
+1 for sure |
Snehova Boure
Imperial Academy Amarr Empire
16
|
Posted - 2016.09.14 15:17:02 -
[46] - Quote
Can anyone from CCP make a statement on this? |
Steve Ronuken
Fuzzwork Enterprises Vote Steve Ronuken for CSM
6182
|
Posted - 2016.09.16 13:21:50 -
[47] - Quote
I'm not CCP, and I can't commit them to anything, but the concern is one that's been noted.
Woo! CSM XI!
Fuzzwork Enterprises
Twitter: @fuzzysteve on Twitter
|
|
CCP Bartender
C C P C C P Alliance
74
|
Posted - 2016.09.16 16:00:29 -
[48] - Quote
Hey all, here's the status drop:
I've just written up the CREST endpoint providing this info on a 5 second cache timer, essentially identical to the location endpoint. I might tweak that cache timer after we've done some performance testing, but I want to keep it as short as possible. It might end up in the ballpark of 10-30 seconds, or it might be fine; we'll see.
That'll be on Singularity fairly Soon™, but it may be disabled when it arrives on Tranquillity. This is due to concerns we have with authorizations granted to third party apps that users have forgotten to revoke[1].
Combining the low-cache-time location endpoint with a low-cache-time ship type endpoint dramatically lowers the barrier of entry for a malicious developer to abuse old and forgotten refresh tokens for near real-time intelligence. Because of this, we want to pre-emptively protect our players.
We're looking at a few ways to do this: Mandatory refresh token expiry for highly sensitive scopes is one option, and we're also considering the merits of a quarterly security review mail. We're actively working on this problem, but until we have mechanisms in place that we feel are adequate we will not be opening this endpoint on TQ.
More as it happens!
[1] You can do this at https://community.eveonline.com/support/third-party-applications/, go do a spring cleaning! |
|
Sentient Blade
Crisis Atmosphere Coalition of the Unfortunate
1708
|
Posted - 2016.09.16 17:22:51 -
[49] - Quote
CREST is sufficiently tied into the proxies that it's able to send notifications isn't it? Seems like a pretty easy solution would be to use them to inform a player that something is afoot.
"Simply" give your CREST layer a table (character_id, application_id, last_access). Check it each time a call to the location is made, if it's been more than (for example) 60 minutes since the last call to that character, from that application, fire off a bottom-right notification to the client "Your position is being monitored by XYZ application".
Have it appear in the notification groups too. |
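The check proposed in the post above, as an added example that is not part of the original post and is not CCP's code. The class name, the `notify` hook and the decision to treat a first-ever call as a gap are assumptions made for illustration; the sample calls are constructed.

```python
from datetime import datetime, timedelta, timezone

QUIET_PERIOD = timedelta(minutes=60)  # the post's "for example" threshold


class LocationAccessMonitor:
    """Keeps the proposed (character_id, application_id, last_access) table."""

    def __init__(self, notify, quiet_period=QUIET_PERIOD):
        self._last_access = {}        # in-memory stand-in for the table
        self._notify = notify         # hypothetical hook into client notifications
        self._quiet_period = quiet_period

    def record_call(self, character_id, application_id, app_name, now):
        """Run on every location request; returns True if a notice was sent."""
        key = (character_id, application_id)
        previous = self._last_access.get(key)
        self._last_access[key] = now  # always update, so steady polling stays quiet
        # Assumption: a pair never seen before counts as "more than 60 minutes".
        if previous is not None and now - previous <= self._quiet_period:
            return False
        self._notify(character_id,
                     f"Your position is being monitored by {app_name} application")
        return True


def demo():
    """Replays constructed sample calls; returns (fired flags, notices sent)."""
    sent = []
    monitor = LocationAccessMonitor(lambda cid, msg: sent.append((cid, msg)))
    t0 = datetime(2016, 9, 16, 17, 0, tzinfo=timezone.utc)
    calls = [  # (offset from t0, character_id, application_id, app_name)
        (timedelta(0), 9001, 1, "XYZ"),                    # first sight: notify
        (timedelta(seconds=5), 9001, 1, "XYZ"),            # 5 s later: quiet
        (timedelta(minutes=30), 9001, 2, "Mapper"),        # other app: notify
        (timedelta(minutes=61, seconds=5), 9001, 1, "XYZ"),  # 61 min gap: notify
        (timedelta(minutes=90), 9001, 1, "XYZ"),           # 29 min gap: quiet
    ]
    fired = [monitor.record_call(c, a, n, t0 + off) for off, c, a, n in calls]
    return fired, sent


if __name__ == "__main__":
    print(demo())
```

Because `last_access` is refreshed on every call, an application that polls continuously produces only its first notice, so the check surfaces new or resumed access rather than ongoing access.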
Kniht
88
|
Posted - 2016.09.16 19:56:35 -
[50] - Quote
CCP Bartender wrote:This is due to concerns we have with authorizations granted to third party apps that users have forgotten to revoke[1].
Combining the low-cache-time location endpoint with a low-cache-time ship type endpoint dramatically lowers the barrier of entry for a malicious developer to abuse old and forgotten refresh tokens for near real-time intelligence. Because of this, we want to pre-emptively protect our players.
We're looking at a few ways to do this: Mandatory refresh token expiry for highly sensitive scopes is one option, and we're also considering the merits of a quarterly security review mail. We're actively working on this problem, but until we have mechanisms in place that we feel are adequate we will not be opening this endpoint on TQ.
When granting access through SSO, display a time limit. Default to one year or six months. Allow players to manually select "until revoked", and provide at least "one week" and "one month" options. If a "sensitive" scope is requested, default to a shorter option.
o/ fly crazy
|
|
Salgare
Satan's Gut
3
|
Posted - 2016.09.16 20:09:32 -
[51] - Quote
I've also noticed that for the average pilot, the reject currently accepted scopes page is buried and somewhat hard to find. This should be linked to way up in the users account section where things like dual authorization etc. are found.
|
Salgare
Satan's Gut
4
|
Posted - 2016.09.17 18:29:06 -
[52] - Quote
CCP Bartender wrote:I've just written up the CREST endpoint providing this info on a 5 second cache timer, essentially identical to the location endpoint.
What is the endpoint's URL? |
|
CCP Bartender
C C P C C P Alliance
74
|
Posted - 2016.09.19 12:09:11 -
[53] - Quote
Salgare wrote:CCP Bartender wrote:I've just written up the CREST endpoint providing this info on a 5 second cache timer, essentially identical to the location endpoint. What is the endpoint's URL?
It's not out yet, still in code review, but it'll be linked from the character page, same as the location endpoint
(/ship/ instead of /location/) |
|
Exodus 4D
Ministry of War Amarr Empire
23
|
Posted - 2016.09.26 16:16:36 -
[54] - Quote
Awesome! I'm looking forward to implementing this in Pathfinder
PATHFINDER the next generation mapping tool for EVE ONLINE
> "Open Source", Free, Join Now
|
Elnia Arthie
Signature Unknown
3
|
Posted - 2016.10.04 20:30:03 -
[55] - Quote
Yeah, looking forward to integrating that in our own mapper to get mass tracking back. Thanks CCP Bartender! |
Jack Tronic
borkedLabs
240
|
Posted - 2016.10.11 13:12:34 -
[56] - Quote
CCP Bartender wrote:Hey all, here's the status drop: I've just written up the CREST endpoint providing this info on a 5 second cache timer, essentially identical to the location endpoint. I might tweak that cache timer after we've done some performance testing, but I want to keep it as short as possible. It might end up in the ballpark of 10-30 seconds, or it might be fine; we'll see. That'll be on Singularity fairly Soon™, but it may be disabled when it arrives on Tranquillity. This is due to concerns we have with authorizations granted to third party apps that users have forgotten to revoke[1]. Combining the low-cache-time location endpoint with a low-cache-time ship type endpoint dramatically lowers the barrier of entry for a malicious developer to abuse old and forgotten refresh tokens for near real-time intelligence. Because of this, we want to pre-emptively protect our players. We're looking at a few ways to do this: Mandatory refresh token expiry for highly sensitive scopes is one option, and we're also considering the merits of a quarterly security review mail. We're actively working on this problem, but until we have mechanisms in place that we feel are adequate we will not be opening this endpoint on TQ. More as it happens! [1] You can do this at https://community.eveonline.com/support/third-party-applications/, go do a spring cleaning!
1. Why not a new permission + new endpoint that includes both? Otherwise I'll be hitting you with two queries at the same time with stupid amounts of overhead for what's just an extra key:value pair. I have no problem murdering CREST with 1k requests every 10 seconds multiplied by two otherwise, not my servers that'll be crying ;) Yes, siggy has a legitimate reason to query 1k requests, the total monitored characters is quite up there.
2. Your problem with security is because you guys squirrel the stupid SSO and API pages in the one place nobody looks (Support, but it's not really a "Support" item). It should be linked from Account Management and the Launcher. It should be named "EVE SSO / Crest" not "Third Party Applications". Your average player won't see a third party site calling itself "Third Party Application". They'll see "EVE SSO" or "CREST", they'll make the association easier if they see the same words. |
Bluedagger
New Jovian Exploration Department A Band Apart.
11
|
Posted - 2016.10.12 23:42:08 -
[57] - Quote
+1 |
erittainvarma
Fistful of Finns WE FORM V0LTA
35
|
Posted - 2016.10.26 07:23:22 -
[58] - Quote
So what's the status with ship info? Are we going to get it in November? Also, do we get 5s cache time?
I support both of Jack Tronic's points. A new endpoint for getting both ship and location would be great (especially for CCP servers) because almost all use cases that I have in my mind include getting them both.
I hope that you don't go the mandatory token expiry route, as that is going to be a pain in the ass for valid users.