|
Author |
Thread Statistics | Show CCP posts - 8 post(s) |
Catari Taga
Centre Of Attention Middle of Nowhere
|
Posted - 2011.01.29 20:36:00 -
[1]
Yes!!! This blog came much faster than expected, nice surprise.
Quote: An expiry date will be added to all API keys.
While this makes sense from a security perspective, for the majority of players in EVE security isn't all that important. Please allow keys to not expire by default. I know most of the people that I hold API keys from will use this.
Quote: Allowing character specific keys rather than always account wide.
- This setting will only be viewable through the API key management, not by everyone holding the key. So the holder of a character specific key will not be able to see what other characters belong to the account if the keys owner sets it to a single character.
I hope this does not mean that the key holder cannot even verify what type of key they hold, because that is obviously important for recruit vetting.
Quote: Group: Character sheet
Needs SkillQueue/InTraining keys as well.
Originally by: Cryten Jones How about making the system work the other way around?
You give out the access key for your character, Corp or account. The application requests access via the api. The request to the api includes the application name and a one time key the api registers the new request and creates an entry in your api management page. You receive an eve-mail saying you have waiting api requests. You login to review the request. If you are happy you choose the access options and time length and approve the access.
Nice challenge-response style access.
-CJ
definitely this. --
|
Catari Taga
Centre Of Attention Middle of Nowhere
|
Posted - 2011.01.30 15:37:00 -
[2]
Originally by: Ix Forres (I don't really care, I don't write apps any more, but if I were writing apps this would be a major facepalm moment. Moving in the right direction, but using a pogo stick to hop up the hillside when you could just walk...)
You know CCP likes home-grown half-baked stuff, but that seems to be more a company policy than the fault of the devs actually doing it. At least I can't imagine they all really want to reinvent the wheel each time and fail to make it round. --
|
Catari Taga
Centre Of Attention Middle of Nowhere
|
Posted - 2011.01.31 00:24:00 -
[3]
Originally by: Qoi For everyone still thinking EVE Gate is a social network (Maybe you should read the About page), it is a lot more than that.
It's just the new name for the eve website and all the services it is going to provide (Account Management, Forums, SocialNetwork-WhatAmIDoingRightNow-Box, News, Calendar, EVEMail) etc. Having the API Management part of EVE Gate doesn't mean it will be "insecure" or have "insecure default settings" on a level with Facebook. Replace "EVE Gate" with "new version of eveonline website" if you still think eve gate is "spacebook".
Erm, we don't really care what EVE Gate is, but the fact remains that EVE Gate "forgets" security settings every other patch. So statistically the likelyhood of API or account security being compromised rises exponentially by integrating it into the badly administered EVE Gate service. --
|
Catari Taga
Centre Of Attention Middle of Nowhere
|
Posted - 2011.02.16 01:24:00 -
[4]
Most things have been said and I agree with what has been said. Specifically:
Expiring API keys that can be refreshed by the user is actually ok from my perspective.
The ability to send a predefined key string to EVE Gate requesting a specific API key so that the user does not have to check boxes and can just confirm should be a priority in my opinion.
Other characters on the account must be available via an optional account bound key for recruitment purposes.
Corp API for characters with roles: I am against. Just one example: A corp member may have starbase fuel technician role but only access to a specific POS. Via the API that player would get access to the fuel data for all POS, which may not be desired. I agree that a director could just create an additional key under the new system and give it out along with the role if so desired.
--
|
|
|
|