| Author |
Thread Statistics | Show CCP posts - 5 post(s) |
|
CCP Fallout
   |
Posted - 2011.03.31 13:00:00 -
[1]
Changes are afoot with our in-game browser, and CCP Orion's newest dev blog gives us the scoop. Read all about the new functions currently being tested on Singularity here.
Fallout
Associate Community Manager
CCP Hf, EVE Online
Contact us |
|
|
CCP Orion
|
Posted - 2011.03.31 14:54:00 -
[2]
 Originally by: andeira
So if I understand this correctly I can make a website and get some idiot to accept it as a trusted site and then I can make this site contract all his **** to me trough javascript?
If I can do this I will love you forever
Well, sorry to disappoint you, but no  . The IGB is only a substite/enhancement to the current menu system. The createContract function for example only opens the contract dialog with the specified items and type pre-selected.
|
|
|
CCP Orion
|
Posted - 2011.03.31 17:44:00 -
[3]
Originally by: Two step
Originally by: mkmin
Does anybody else smell "extremely dangerous"? There is no mention of the headers requiring "trusted" status. I don't trust very many sites at all, but if they can slip in some code that takes all your stuff I won't be trusting any sites ever again.
Sounds like it might be time to add CCPBrowser.exe to blacklisted software. :S
*all* IGB specific headers require trust, I don't see why these would be any different.
All IGB headers require trust indeed.
|
|
|
CCP Laurelle
|
Posted - 2011.03.31 23:28:00 -
[4]
Edited by: CCP Laurelle on 31/03/2011 23:29:05
Originally by: Grady Eltoren
Originally by: Shandir
Certainly this opens up some new scamming opportunities and some additional (in-game) security concerns, but from the sounds of it, there isn't anything which is going to "steal all your stuff" unless you have a habit of clicking contract/give money dialogs you haven't read.
I would say that it would be nice to allow disabling of certain features (like those that probably don't have a confirmation - eg autopilot destination) but actually, I'd just untrust any trusted site that screwed around with them.
Somer's gonna love these - easier for her addicts to throw more money at her (and less people sending ISK to the wrong Somer corp)
See the problem here is you open a website and the give money box pops up and you are busy typing on your laptop and the send button goes off accidentally. You all know how laptops can skip fields etc. One slip of the enter key at the wrong moment....
Originally by: Ariane VoxDei
One thing stands out though. "(new) showContents(stationID, itemID)"
Once you accumulate all your containerIDs, with matching stationID, then this stuff can be used to track your inventory.
Provided you do a bit of work to get a copy of the response and run a "adequate" set of scripts on it..
Okay, looks like some misunderstandings need clearing up...
- There is no "give money" from the IGB yet. If we do add it later there will be a lot of effort put into making sure it's not griefable.
- All the new javascript functions require the website to be trusted which is something that the user explicitly selects.
- showContents simply opens up an in-game UI and doesn't pass any information over to the website
We would love to hear more about actual security issues that you guys spot and suggest you try it out on Singularity. Our aim is to add much-needed functionality that allows you to make IGB websites which augment the game experience but at the same time be careful about compromising user security or allow automation through the IGB.
|
|
|
CCP Orion
|
Posted - 2011.04.01 17:53:00 -
[5]
Thanks for all the feedback, good stuff, contradicting perhaps but all good :)
The goal of exposing you guys to these changes on SISI is to figure out a meaningful set of features without exposing players to grief and "electronic warfare". The build currently on SISI is a first stab at that, we'll iterate on that the next weeks, and keep you posted on progress.
Cheers.
|
|
| |
|