
Leebe
|
Posted - 2009.09.22 13:24:00 -
[1]
Edited by: Leebe on 22/09/2009 13:25:21
Originally by: Wollari
It would be nice if you could allow 127.0.0.1 localhost and *.localhost to be accessed in the IGB to allow Developers to test things against their own webserver (if not already done).
this already works. at least http://localhost:8080 worked ;)
the hash thing sounds a bit complicated .. it would be sufficient to have something like
hash(secretsalt+charid+ domainname_of_called_website )
e.g. your site is www.secreteve.com/test.php the hash would be md5( secret-salt + charid + "secreteve.com" )
and to check if that is really the char you could call the eve api with
validate.aspx?charid=<charid>&url=secreteve.com&hash=<hashfromheader>
that way the hash would be unique for every character and only for your domain...
- you would only need to check it once against the api and you can store it for later checking
- you can't use it on different sites because it is bound to your domainname
- no timing or expire of the hashes is necessary
|

Leebe
|
Posted - 2009.09.25 22:13:00 -
[2]
Edited by: Leebe on 25/09/2009 22:17:56 Edited by: Leebe on 25/09/2009 22:13:17
Originally by: Wollari
If you wanna provide a secure way how to verify the true identity of an Eve Online Ingame pilot you have to use some kind of ticket based keys .. not just a shared secret like domain names. Cookies and HTTP Headers can easily be faked just to bypass the alliance registration system and afterwards you'll just switch back, etc.
No you don't need tickets ... I don't think you understood my suggestion. By the way it's based on an authentication system that is used by payment providers like PayPal to make sure calls to their system are originated from their merchant's server.
Take as an example the character "Leebe" with the Character ID 12345. This character has also a secret id 23456 which is only known by ccp (and the user's client)
This character requests a page from his trusted server mycorp.com. Moondoggy will then create a hash for this page based on the secret id and the domain name: hash( 23456 + "mycorp.com") = AFAFHASH.
So the mycorp.com server will get the request information:
HTTP_EVE_CHARID: 12345
HTTP_EVE_HASH: AFAFHASH
Now, to verify that the user is really the character the mycorp.com server can send following request to the server:
validate_hash.aspx?charid=12345&url=mycorp.com&hash=AFAFHASH
the api server that knows the secret id 23456 can then create the hash itself and compare it to the value from the request and can confirm then that it's really the user.
Since nobody except ccp knows the secret id of a character nobody can forge the hash for a character on a given domain.
For additional security they might change the secret key once a week or once a month.. but one advantage is as long as the secret id is the same the hashes for the domains won't change and so you don't need to check the api on every login.
|

Leebe
|
Posted - 2009.09.26 00:18:00 -
[3]
Edited by: Leebe on 26/09/2009 00:24:18 Edited by: Leebe on 26/09/2009 00:20:31 Edited by: Leebe on 26/09/2009 00:18:48
Originally by: Haskell
Originally by: Leebe
For additional security they might change the secret key once a week or once a month..
Add a nonce and a timestamp and you've almost re-invented OAuth.
Not really... oauth is a bit more than that ;) My suggestion is a simple signature added to the request that can't be forged, is different for every domain, but can be checked by the website by just doing one api call.
It would allow authentication to the website without revealing even the basic api key, not even the userid of the account. :9
It has nothing to do with granting/revoking rights which is a lot more complicated in the end. Remember that requests from the ingame browser are only on a character level and don't contain even the user(account)id .. and I hope it stays that way :9
IMHO stuff like that would better fit into the account management and not into the game client.
|
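Added example, not part of any post in this thread and not CCP's code: a Python sketch of the per-domain signature scheme proposed in posts [2] and [3], with the one-time API check and local caching the posts describe. It assumes HMAC-SHA256 in place of the bare hash(secret + domain) concatenation, an in-memory stand-in for the proposed validate_hash.aspx call, and the hypothetical names `domain_hash`, `validate_hash`, `client_headers`, `Site` and `demo`.

```python
import hashlib
import hmac

# Constructed sample data: character 12345 with secret id 23456, as in post [2].
CHAR_SECRETS = {12345: b"23456"}

def domain_hash(secret: bytes, domain: str) -> str:
    """Token the client sends as HTTP_EVE_HASH when it visits `domain`.
    Assumption: HMAC-SHA256 instead of the post's hash(secret + domain)."""
    return hmac.new(secret, domain.lower().encode(), hashlib.sha256).hexdigest()

def validate_hash(charid: int, url: str, hash_hex: str) -> bool:
    """In-memory stand-in for the proposed validate_hash.aspx API call."""
    secret = CHAR_SECRETS.get(charid)
    if secret is None:
        return False
    expected = domain_hash(secret, url)
    return hmac.compare_digest(expected.encode(), hash_hex.encode())

def client_headers(charid: int, secret: bytes, domain: str) -> dict:
    """Headers the in-game browser would attach for a trusted site."""
    return {"HTTP_EVE_CHARID": str(charid),
            "HTTP_EVE_HASH": domain_hash(secret, domain)}

class Site:
    """Third-party site: asks the API once per character, then caches."""
    def __init__(self, domain: str):
        self.domain = domain
        self.cache = {}      # charid -> token already confirmed by the API
        self.api_calls = 0

    def authenticate(self, headers: dict) -> bool:
        charid, token = int(headers["HTTP_EVE_CHARID"]), headers["HTTP_EVE_HASH"]
        if charid in self.cache:
            return hmac.compare_digest(self.cache[charid].encode(), token.encode())
        self.api_calls += 1
        if validate_hash(charid, self.domain, token):
            self.cache[charid] = token
            return True
        return False

def demo() -> dict:
    mycorp, other = Site("mycorp.com"), Site("othercorp.example")
    good = client_headers(12345, CHAR_SECRETS[12345], "mycorp.com")
    forged = {"HTTP_EVE_CHARID": "12345", "HTTP_EVE_HASH": "AFAFHASH"}
    return {"forged": mycorp.authenticate(forged),
            "first_login": mycorp.authenticate(good),
            "cross_site": other.authenticate(good),
            "same_headers_again": mycorp.authenticate(dict(good)),
            "api_calls": mycorp.api_calls}
```

`same_headers_again` is accepted without a new API call because the token never changes for a given character and domain; that is the property the nonce and timestamp mentioned in the reply quoted in post [3] would change.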

Leebe
|
Posted - 2009.09.26 11:20:00 -
[4]
Edited by: Leebe on 26/09/2009 11:22:02 Edited by: Leebe on 26/09/2009 11:21:01
Originally by: Jondar Valador
Quote: The procedure entry point TTGetNewFontName could not be located in the dynamic link library t2embed.dll
However, MSDN says it should be there. It's not. No TTGetNewFontName in t2embed.dll, I grepped. W2K+SP4+rollup+latest updates.
I hope you didn't take a huge dump all over my playing experience just to graft the abomination that chrome**** is into the client.
I want to play internet spaceships NOT USE A ****ING ****TY BROWSER INGAME.
I don't think swearing gets you any further. Chromium doesn't support win2k and from what I've read in the chrome dev groups it's not likely that it will ever run on that outdated os.
btw... if you check the minimum system specs for eve you will notice that w2k is not an officially supported os for eve: eve minimal requirements
Quote: Please note that Windows 95, 98, ME, NT and 2000 are not supported.
|

Leebe
|
Posted - 2009.10.08 08:34:00 -
[5]
button is a proper tag
w3schools
|

Leebe
|
Posted - 2009.10.16 09:51:00 -
[6]
Edited by: Leebe on 16/10/2009 09:56:24
I don't really see a problem with javascript functions as long as you have to confirm all actions with a confirmation box.
They could add a checkbox/link to the confirmation box that removes the page from trust list (and report the page for possible blacklisting)
Originally by: Synex
This could be coupled with an API call to your wallet info to check whether the money had transferred or not.
This will probably never happen since they made clear in the presentation that you will never get any information out of the game by the api except for the headers. The Javascript API is a one way thing.
Make it CCPEVE.TransferISKTo(charID, quantity, [reason]); and add a transaction number or something like that then you can check if you got the money via the traditional web api
|

Leebe
|
Posted - 2009.11.23 16:52:00 -
[7]
Originally by: Unity Love
As I cba to download the 2gig test server patch/go through this thread does moondoggywoggy support flash? as in if I made a flash website for a corp would it work in the new igb?
no... there won't be flash support in the new igb when it gets released.
it might get added in a later patch
|

Leebe
|
Posted - 2009.11.25 18:49:00 -
[8]
they said on the fanfest that right click menu is gone and won't come back .)
guess that has to do with the process separation :9
|