Pages: 1 [2] 3 4 5 6 7 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 8 post(s) |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 16:33:00 -
[31] - Quote
Tippia wrote:GǪon the other hand, if he was just scraping characterIDs, there shouldn't be so many characters missing.
Doesn't matter whether he's scraping or guessing.
Any system which confirms or refutes the existence of a user (or character in this case) by providing a user id of some description but no key/pw is broken beyond belief.
What's more, the designer who thought that would be OK is quite clearly not competent.
Its absolutely ****-poor design, appallingly bad.
There's nothing else to be said Tippia - there's no good reason for this API behaviour. None. |
Adrenaline Reaper
Hard Rock Mining Co. Territorial Claim Unit
1
|
Posted - 2011.09.20 16:38:00 -
[32] - Quote
Othran wrote:Tippia wrote:GǪon the other hand, if he was just scraping characterIDs, there shouldn't be so many characters missing. Doesn't matter whether he's scraping or guessing. Any system which confirms or refutes the existence of a user (or character in this case) by providing a user id of some description but no key/pw is broken beyond belief. What's more, the designer who thought that would be OK is quite clearly not competent. Its absolutely ****-poor design, appallingly bad. There's nothing else to be said Tippia - there's no good reason for this API behaviour. None.
The whole point of the API is to provide the same data you can get ingame, but accessible to other applications. You can check the corp of each char manually ingame, so why should you not be able to do it on a website? |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 16:44:00 -
[33] - Quote
Adrenaline Reaper wrote:The whole point of the API is to provide the same data you can get ingame, but accessible to other applications. You can check the corp of each char manually ingame, so why should you not be able to do it on a website?
So he's doing it all manually?
Pull the other one, it has bells on it.
The point is that this ISN'T MANUALLY OBTAINED INFO. Its obtained through "guessing" (yeah right) charID keys and seeing whether you guess right - and with over 2 million characters on there (supposedly) there is no way its not automated.
Needs fixing and I sadly agree with Milla - ban is in order in this case.
Edit - let him guess the character names mmm? That'd be fair. Of course nobody in their right mind is going to do that.
Edit2 - he's scraping Tippia. Too many characters that I know of who have been inactive from 2003/2004 show up there for it to be anything else. |
Tippia
Sunshine and Lollipops
171
|
Posted - 2011.09.20 16:49:00 -
[34] - Quote
Adrenaline Reaper wrote:The whole point of the API is to provide the same data you can get ingame, but accessible to other applications. You can check the corp of each char manually ingame, so why should you not be able to do it on a website? Not quite. The point is that this behaviour can provide data that isn't available otherwise.
For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way.
SLOPS has four members; three are easily divined by looking at the corp info. The fourth is not since he's been hiding fairly well (and he isn't even on evewho as far as I can tell), and there is no way to ferret him out by going on an Info-screen trek. However, guess his characterID, and he'll pop up, and information that is not otherwise available will be revealed. GÇöGÇöGÇö GÇ£If you're not willing to fight for what you have in GëívGëí you don't deserve it, and you will lose it.GÇ¥ GÇö Karath Piki-á |
Messoroz
AQUILA INC
10
|
Posted - 2011.09.20 16:53:00 -
[35] - Quote
I'm surprised the site hasnt been blacklisted from the API for brute forcing the character IDs. |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 16:56:00 -
[36] - Quote
Messoroz wrote:I'm surprised the site hasnt been blacklisted from the API for brute forcing the character IDs.
I don't think he is - I think he's scraping a range +/- on each character found on other sites or obtained from local (I can see a macro working VERY well here).
Definitely deserves the banstick though - and this needs changing ASAP, as does the dev who thought this was OK |
Nyio
Federal Navy Academy Gallente Federation
99
|
Posted - 2011.09.20 16:59:00 -
[37] - Quote
This thread is now called: Geniuses Speculating .. Features & Ideas Discussion: Agent Finder, Black Holes Needs a banner here.. |
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 17:16:00 -
[38] - Quote
WIN for PRIVACY LEAKS!
Go CCP! |
Zagam
Incompertus INC Fatal Ascension
87
|
Posted - 2011.09.20 17:20:00 -
[39] - Quote
Shionoya Risa wrote:Zagam wrote: Why is it so important that the info is hidden?
Apart from the massive intel boost it gives? To both sides.
Evewho can be used against you, or it can be used for you. I've been on both sides of it.
|
Miilla
Hulkageddon Orphanage
52
|
Posted - 2011.09.20 17:22:00 -
[40] - Quote
So what was the point of having API Keys controlled by the CUSTOMER if it is being leaked all over the API surface.
|
|
Ni Cho
Eternity INC. Goonswarm Federation
0
|
Posted - 2011.09.20 17:23:00 -
[41] - Quote
Nikkov wrote:Efraya wrote:All of the information gathered on that website is a collection of information that is already publicly visible, he's just been clever in scraping the kill boards and compiling that list.
How can the information be public, ie: Killboards, when alts are being shown that have never undicked from station?
Haha, you said undicked... |
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 17:26:00 -
[42] - Quote
Given the amount of idiots who have account and character names the same it looks quite useful for a bit of brute forcing/social engineering accounts too.
So who's the muppet designer who ****** this up? |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:27:00 -
[43] - Quote
Othran wrote:Given the amount of idiots who have account and character names the same it looks quite useful for a bit of brute forcing/social engineering accounts too.
So who's the muppet designer who ****** this up?
"Stay the course!"
|
malaire
41
|
Posted - 2011.09.20 17:31:00 -
[44] - Quote
Tippia wrote:For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way. You can find it in-game, you can search by partial character name and try to find there "hidden" characters. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:32:00 -
[45] - Quote
Remember that Eve Developer Licensing a while back?
This guy is just going to screw it up for all the developers such as myself by now making the reality of Authorised Application Keys to being enforced on all API consuming Apps so CCP can identify applications that abuse the API and block them out.
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:33:00 -
[46] - Quote
malaire wrote:Tippia wrote:For instance, if you do not know that a character exists, you cannot find it in-game nor can you discover who's in those "unknown" corp slots; using the charID and API calls, you can discover its existence and tie it back to the corp that way. You can find it in-game, you can search by partial character name and try to find there "hidden" characters.
But then you actually have to log in and PLAY EVE.
This guy is bascially MACROING :)
|
malaire
41
|
Posted - 2011.09.20 17:36:00 -
[47] - Quote
Miilla wrote:This guy is bascially MACROING :)
So what? Macroing outside EVE Client, using external applications and API, is allowed. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:39:00 -
[48] - Quote
malaire wrote:Miilla wrote:This guy is bascially MACROING :)
So what? Macroing outside EVE, using external applications and API is allowed.
Abuse of API is against the rules, causing a detrimental affect on the servers or game.
Infact you will see that there is a cache time on the server API responses, he is not adhering to that most likely.
In EveMon you will also see that there is a delay on the calling of API's, to reduded load on the server.
He most likely is not doing that.
|
|
CCP Navigator
C C P C C P Alliance
97
|
Posted - 2011.09.20 17:40:00 -
[49] - Quote
I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. CCP Navigator - Lead Community Representative |
|
Nyio
Federal Navy Academy Gallente Federation
99
|
Posted - 2011.09.20 17:40:00 -
[50] - Quote
@Miilla
Perhaps spend less time on these forums and more time actually making something. Just a thought. Features & Ideas Discussion: Agent Finder, Black Holes Needs a banner here.. |
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 17:43:00 -
[51] - Quote
CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API information and will continue to do so.
Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all.
The fact that the API calls confirm or refute the existence of a character based on a random charID suggests you're running damage control here Spitfire. I would strongly suggest you don't.
Any system which confirms or refutes the existence of a user (or character) based on the user (char) ID and no key/pw is broken.
Simple as. |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:44:00 -
[52] - Quote
CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so.
So it is ok to scan the API?
CONFIRMED, get those API scanners going people |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:46:00 -
[53] - Quote
Eve API is as secure as their email petition link replying system.
You can reply to ANY other person's petition IF you can guess the date and ID. I reported this one many times. Fell on deaf ears.
No authentication required. |
malaire
41
|
Posted - 2011.09.20 17:46:00 -
[54] - Quote
Othran wrote:Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all. Has he ever said anything in Local? Is he visible in Local?
If yes, then someone might've spotted him and posted to website like evewho. Carebear -á* -áTrader -á* -áPerfect Music-á-á* -áNever Scamming -á* -áNever Pirating |
Ejit
STD contractors
4
|
Posted - 2011.09.20 17:48:00 -
[55] - Quote
My wife has threatened me with this on more than one occasion
|
|
CCP Navigator
C C P C C P Alliance
97
|
Posted - 2011.09.20 17:48:00 -
[56] - Quote
Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people
I suggest you refrain from confirming anything. the details of what is allowed with the EVE API is decided by the developers who work on that code.
CCP Navigator - Lead Community Representative |
|
Othran
Brutor Tribe Minmatar Republic
25
|
Posted - 2011.09.20 17:50:00 -
[57] - Quote
malaire wrote:Othran wrote:Ummm no. As I said earlier I have a character who has never done anything. No information was "posted publically" at all. Has he ever said anything in Local? Is he visible in Local? If yes, then someone might've spotted him and posted to website like evewho.
Nope.
He was created and logged off. Hasn't been used for anything other than an Evemon template after that. Never been logged on since.
Sooo how is he there if its not scraping +/- on other characters?
2 mill characters - wow that's a lot of "guessing". |
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:52:00 -
[58] - Quote
CCP Navigator wrote:Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I suggest you refrain from confirming anything. the details of what is allowed with the EVE API is decided by the developers who work on that code.
This guy is obviously scraping the API charID's, that is scanning the API parameters.
YOU said he had done nothing "illegal".
Is it allowed or not?
Your post said it was. |
|
CCP Stillman
C C P C C P Alliance
59
|
Posted - 2011.09.20 17:55:00 -
[59] - Quote
Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I just want to clarify:
We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data.
Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.
Associate QA Tester for Team EVESec. |
|
Miilla
Hulkageddon Orphanage
53
|
Posted - 2011.09.20 17:58:00 -
[60] - Quote
CCP Stillman wrote:Miilla wrote:CCP Navigator wrote:I have spoken with the developers who manage and maintain the EVE API. They have assured me that evewho is not conducting any illegal or underhand method of obtaining API information. All information gathered has been posted publicly in one form or another. We maintain a very close eye on what is happening with the API and will continue to do so. So it is ok to scan the API? CONFIRMED, get those API scanners going people I just want to clarify: We have very clear policies about what's allowed and not. As you will know, we will throttle invalid calls, as we do not allow throwing 10 million random IDs at the API and hoping they return data. Scraping through characterIDs hoping to hit a valid one is NOT allowed. Doing so will get your IP blocked from the API. But if you do valid calls because you know it's a valid ID is fine. But generating excess errors will get your IP blocked.
So it is allowed if we generate a low ratio of errors to success API calls.
Just to clarify.
That is easy to do. Just keep repeating SUCCESSFUL calls if an error is generated. |
|
|
|
|
Pages: 1 [2] 3 4 5 6 7 :: one page |
First page | Previous page | Next page | Last page |