|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Kossaw
H A V O C Cascade Imminent
2
|
Posted - 2011.10.05 03:49:00 -
[1] - Quote
Lumy wrote:Imagine this situation: You have multiple characters with director access to different corps on single account. You generate api key for one of those corps and insert it into your application, let's say for using corp/IndustryJobs. App accepts the key, gets corporationID from APIKeyInfo and starts fetching industry jobs for that corp. Then you accidentally switch the corporation for that api key using https://support.eveonline.com/api/Key/Update/.And now the application is screwed, because it has no way of knowing change like this happened. Unless it runs APIKeyInfo before every call of corp/IndustryJobs. So, please, could you add corporationID attribute or node to every corp/... call. Also characterID for char/... calls, to be consistent.That's all, folks.
Well, technically Yes, but the situation is no different from you generating a new CAK - The old CAK is now invalid. I don't really see how adding more info to the returns of other API calls will resolve this - you are now using an invalid CAK, the API calls will fail, and the user needs to correct it.
|
Kossaw
H A V O C Cascade Imminent
2
|
Posted - 2011.10.05 12:46:00 -
[2] - Quote
Lumy wrote: If you just change CAK type (from account to char) or character (character type or corporation type), it is still valid.
Gotcha. My Bad. Yeah, thats a nasty bug. |
Kossaw
H A V O C Cascade Imminent
2
|
Posted - 2011.10.05 21:10:00 -
[3] - Quote
I think the fastest easiest and best solution is for CCP to remove the ability to change the CAK Type or vCode after it has been created.
If we have to call AIPKeyInfo to verify keys, then you have to do this immediately before EVERY api call to make sure nothing changed in the last few milliseconds. Congratulations CCP, you just doubled the number of requests made to the API.
|
Kossaw
H A V O C Cascade Imminent
2
|
Posted - 2011.10.10 07:50:00 -
[4] - Quote
Apparently the Bug Hunting team is too busy to realise just how f**d up this bug is and that they have just doubled the required number of API calls.
=============================
// This is By Design. Also please note there is a special API call account/APIKeyInfo.xml.aspx which returns information about the API Key, including type, access mask and characters it is generated for. // BH Eriweal
|
Kossaw
H A V O C Cascade Imminent
2
|
Posted - 2011.10.12 12:00:00 -
[5] - Quote
Have you considered that malicious users may exploit this bug to deliberately try to feed you false data ???
Seriously, the simple fix is to prevent users from changing either the Type, Corp or Character for an existing CAK. Ten minutes work on the support web page where CAKs are generated will fix this problem without need for complicated alterations to the API system.
|
|
|
|