BigSako
Burning Napalm Northern Coalition.
20
|
Posted - 2013.08.02 12:32:00 -
[1] - Quote
I would like to propose the following features for the EvE Online Character (and potentially also Corp API).
- Possibility to limit APIs to a certain IP address:
APIs can be stolen by/leaked from services and/or tools (not calling anyone out here). Therefore limiting the API access to a certain IP address (e.g. eve-kill) would help a lot to secure the API. This doesn't need to be an extensive feature, just needs to be ONE IP address or leave empty (= ANY IP address) otherwise.
- Show more details in the API Access Log:
While the API Access Log is nice to have, it doesn't really help much at the moment. One can only see the IP address, a timestamp and the information accessed, but not which API key was used. For security purposes it would be nice to see what API key (only the ID, not the vcode) was used to access said information, therefore providing information whether or not the API key is used by somebody else.
- Possibility to EXPORT the API Log:
Most players won't know what this API Log is about. Site-Admins and some few others will do, so it would be nice if one could just export the API Log into a CSV file, so it can be parsed by external tools (more) easily.
These features should really be easy to implement and would provide capsuleers more control over their API keys, as you don't know where the API keys are going after you entered them on a website (e.g. your alliance forum). I am hoping that the community will support these ideas and that we can see these implemented soon. |
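Added example, not part of the original post or of any CCP tool: a sketch of the external check that the three proposed features together would make possible, run over a constructed CSV export. The column names, key IDs, addresses and the `PINNED_IP` table are assumptions; the API Access Log described in the post has no key ID column and no export.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample export. The column layout is an assumption: the log
# described in the post shows only IP, timestamp and the data accessed.
SAMPLE_CSV = """timestamp,ip,key_id,resource
2013-08-02T12:01:10Z,198.51.100.7,1000001,/char/SkillQueue.xml.aspx
2013-08-02T12:05:42Z,198.51.100.7,1000001,/char/CharacterSheet.xml.aspx
2013-08-02T13:17:03Z,203.0.113.45,1000001,/char/MailMessages.xml.aspx
2013-08-02T13:20:00Z,192.0.2.10,1000002,/char/AssetList.xml.aspx
2013-08-02T14:00:00Z,192.0.2.99,1000003,/char/WalletJournal.xml.aspx
"""

# Per-key pinned address, mirroring the proposal: ONE IP, or None (= any IP).
PINNED_IP = {
    "1000001": "198.51.100.7",
    "1000002": None,
}

def audit(csv_text, pinned):
    """Return {key_id: [(timestamp, ip, reason), ...]} for suspicious rows."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key_id = row["key_id"].strip()
        try:
            src = ipaddress.ip_address(row["ip"].strip())
        except ValueError:
            findings[key_id].append(
                (row["timestamp"], row["ip"], "unparseable source address"))
            continue
        if key_id not in pinned:
            # A key is in use that the owner has no record of handing out.
            reason = "unknown key id"
        elif pinned[key_id] is None or src == ipaddress.ip_address(pinned[key_id]):
            continue  # unpinned key, or access from the pinned address
        else:
            reason = "source differs from pinned address"
        findings[key_id].append((row["timestamp"], str(src), reason))
    return dict(findings)

if __name__ == "__main__":
    for key_id, hits in audit(SAMPLE_CSV, PINNED_IP).items():
        for ts, ip, reason in hits:
            print(f"key {key_id}: {ts} from {ip}: {reason}")
```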
Tu'yak Marowshay
Di-Tron Heavy Industries Test Alliance Please Ignore
43
|
Posted - 2013.08.02 12:39:00 -
[2] - Quote
This should be a "thing" already! +1 op |
Ncc 1709
Fusion Enterprises Ltd Nulli Secunda
1
|
Posted - 2013.08.02 13:44:00 -
[3] - Quote
+1 |
Rented
Hunter Heavy Industries
108
|
Posted - 2013.08.02 14:05:00 -
[4] - Quote
You're concerned about people seeing your API data.... which you're already giving away for other people to see in the first place... wait wut? |
BigSako
Burning Napalm Northern Coalition.
28
|
Posted - 2013.08.02 14:23:00 -
[5] - Quote
Rented wrote:You're concerned about people seeing your API data.... which you're already giving away for other people to see in the first place... wait wut?
You're assuming I am "giving away" an API key. Players, including me, are forced to enter their API key when they apply to 0.0 (block) alliances. At the same time API keys are used for authenticating against services like alliance/corp/coalition forums and teamspeak servers.
So somebody "stealing" the API key could authenticate as me without being me, which is authentication theft and technically a crime.
|
Rutger Centemus
Burning Napalm Northern Coalition.
13
|
Posted - 2013.08.02 15:26:00 -
[6] - Quote
+1 |
Malleus Sicarius
0utLaw. Northern Coalition.
1
|
Posted - 2013.08.02 15:27:00 -
[7] - Quote
+1
indeed too many API farms and then use it to spy coms ... spoils the beauty of the game
|
Shadow Leigon
Militaris Industries Northern Coalition.
0
|
Posted - 2013.08.02 15:27:00 -
[8] - Quote
+1 |
Azlana
Burning Napalm Northern Coalition.
0
|
Posted - 2013.08.02 15:28:00 -
[9] - Quote
+1 |
killerkeano
Burning Napalm Northern Coalition.
6
|
Posted - 2013.08.02 15:29:00 -
[10] - Quote
Definite +1
Rented wrote:You're concerned about people seeing your API data.... which you're already giving away for other people to see in the first place... wait wut?
and if they were maliciously stolen, copied..? theoretically..
Without reading all the game's terms and conditions, I'm not sure how far the misuse of API information is protected. If it isn't then it should be.
|
|
DJ REUNION
Macabre Votum Northern Coalition.
0
|
Posted - 2013.08.02 15:39:00 -
[11] - Quote
+1
|
DarkBridge TheSith
Running with Knives Nexus Fleet
0
|
Posted - 2013.08.02 16:05:00 -
[12] - Quote
+1
|
DaSumpf
Liga Freier Terraner Northern Coalition.
1
|
Posted - 2013.08.02 16:06:00 -
[13] - Quote
+1
There are a lot of 3rd party tools out there that require API keys (many killboards, EFT, EVEMon, JEveAssets to name just a few of them). Once you gave away your API key (customized key in most cases, but in a few rare cases the full API as well) you have no control over whether your key and code are transmitted somewhere else or not. In 0.0 alliances (yes, we are all paranoid) it's pretty common to hand out a full API to your director or whoever keeps track of members and member activities. If said (trustful) person uses the above mentioned 3rd party tools in order to do his work the full APIs are no longer under control of said (trustful) person.
So I fully support the mentioned changes (which should be really easy to implement anyways) for more safety. |
Moon Rabit
Billionaires Club The Unthinkables
10
|
Posted - 2013.08.02 16:10:00 -
[14] - Quote
+1 |
ReacT1337
Burning Napalm Northern Coalition.
1
|
Posted - 2013.08.02 16:29:00 -
[15] - Quote
+1
CCP is talking about account security all the time...but making it too easy for 3rd party hosters to use the API information with bad intentions. |
Massa S
Burning Napalm Northern Coalition.
0
|
Posted - 2013.08.02 16:33:00 -
[16] - Quote
+1
Give us more safety when we use a feature you gave us. |
Totalani
Infinite Point Nulli Secunda
2
|
Posted - 2013.08.02 16:34:00 -
[17] - Quote
+1 |
Icantspellwell
Ever Flow Northern Coalition.
16
|
Posted - 2013.08.02 17:04:00 -
[18] - Quote
+1 |
Aliventi
Burning Napalm Northern Coalition.
338
|
Posted - 2013.08.02 17:16:00 -
[19] - Quote
+1
"tbh most people don't care about removing local from highsec. They want it gone from nullsec. I want to be able to solo roam hunt without everyone knowing I am there without them actually seeing me jump through the gate. Effortless intel is bad." ~Me |
Demotress
Segmentum Solar Nulli Secunda
9
|
Posted - 2013.08.02 17:27:00 -
[20] - Quote
Where is the like button? I must like this idea, seems like a good one |
|
Laendra
Wildly Inappropriate Goonswarm Federation
18
|
Posted - 2013.08.02 19:22:00 -
[21] - Quote
I would think something like registering your API application with CCP and obtaining a public vCode, which then would be part of the API access process, would HELP eliminate these API identity thefts.
For instance,
wi-alliance.com applies for a public vCode. This vCode is autogenerated and cannot be manually selected. If I want to access their forums, I must provide an API key, so I get their public vCode, and then generate a vCode of my own that utilizes the public vCode.
Unscrupulous MetaPlayer X somehow manages to obtain my keyID and vCode and tries to apply it to goonfleet.com as if they were me. Since the goonfleet.com has a different public vCode the key wouldn't work, and access would be denied, and access attempt would be logged on both goonfleet.com and api.eveonline.com |
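Added example, not part of Laendra's post and not how any CCP API works: one possible reading of the proposal, in which "a vCode of my own that utilizes the public vCode" is an HMAC of the application's public vCode under a per-key secret. The class and function names, the HMAC construction and the keyID are assumptions, and the model presumes the API server already knows which registered application is making the call.

```python
import hashlib
import hmac
import secrets

def bind_vcode(key_secret, app_public_vcode):
    # The owner's vCode "utilizes the public vCode": here, an HMAC over it.
    return hmac.new(key_secret, app_public_vcode.encode(),
                    hashlib.sha256).hexdigest()

class ApiServer:
    """Toy model of the API server side of the proposal (hypothetical design)."""

    def __init__(self):
        self.app_vcodes = {}    # app name -> public vCode issued at registration
        self.key_secrets = {}   # keyID -> per-key secret shared by owner and server
        self.access_log = []    # (app, keyID, outcome) for every attempt

    def register_app(self, app):
        # Autogenerated, never chosen by the applicant, as the post requires.
        self.app_vcodes[app] = secrets.token_hex(16)
        return self.app_vcodes[app]

    def create_key(self, key_id):
        self.key_secrets[key_id] = secrets.token_bytes(32)
        return self.key_secrets[key_id]

    def verify(self, app, key_id, presented_vcode):
        """Check a key presented by a registered app and log the attempt."""
        expected = bind_vcode(self.key_secrets[key_id], self.app_vcodes[app])
        ok = hmac.compare_digest(expected, presented_vcode)
        self.access_log.append((app, key_id, "granted" if ok else "denied"))
        return ok

def demo():
    server = ApiServer()
    wi_public = server.register_app("wi-alliance.com")
    server.register_app("goonfleet.com")
    secret = server.create_key(1000001)        # constructed keyID
    my_vcode = bind_vcode(secret, wi_public)   # what the owner gives wi-alliance.com
    first = server.verify("wi-alliance.com", 1000001, my_vcode)
    # The same keyID/vCode pair, leaked and submitted through another site:
    replay = server.verify("goonfleet.com", 1000001, my_vcode)
    return first, replay, server.access_log

if __name__ == "__main__":
    print(demo())
```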
Sebastian Hoch
Black Lance Fidelas Constans
40
|
Posted - 2013.08.02 21:20:00 -
[22] - Quote
BigSako wrote:I would like to propose the following features for the EvE Online Character (and potentially also Corp API).
Possibility to limit APIs to a certain IP address: APIs can be stolen by/leaked from services and/or tools (not calling anyone out here). Therefore limiting the API access to a certain IP address (e.g. eve-kill) would help a lot to secure the API.
Maybe you should consider only giving your API out to organizations that are competent and you can trust? I am under the impression that compromising APIs is a time-honored part of CCP's beloved meta-game.
I have never used an API to compromise an external service, but since the only real world identity you have in Eve is carried by your account and not your character(s), I am not so sure it's the same thing as "identity or authentication theft", especially since it's an acknowledged part of the game. I am not a lawyer, but I don't see why the law would care if part of the game takes place on CCP's servers, and part of it takes place on player systems, especially if there are never any damages from the act outside the context of the game?
"Your honor, he pretended to be the spaceman I was pretending to be!" |
Nofearion
sleep Deprivation INC. LLC The Kadeshi
17
|
Posted - 2013.08.02 22:06:00 -
[23] - Quote
+1 and the like button is on the post at the upper right corner
|
BigSako
Burning Napalm Northern Coalition.
72
|
Posted - 2013.08.03 14:23:00 -
[24] - Quote
Laendra wrote:I would think something like registering your API application with CCP and obtaining a public vCode, which then would be part of the API access process, would HELP eliminate these API identity thefts.
For instance,
wi-alliance.com applies for a public vCode. This vCode is autogenerated and cannot be manually selected. If I want to access their forums, I must provide an API key, so I get their public vCode, and then generate a vCode of my own that utilizes the public vCode.
Unscrupulous MetaPlayer X somehow manages to obtain my keyID and vCode and tries to apply it to goonfleet.com as if they were me. Since the goonfleet.com has a different public vCode the key wouldn't work, and access would be denied, and access attempt would be logged on both goonfleet.com and api.eveonline.com
this seems like a good idea too. |
Vasilissa Dragomere
Jovian Brothers Gatekeepers Universe
0
|
Posted - 2013.08.03 15:47:00 -
[25] - Quote
+1 |
BigSako
Burning Napalm Northern Coalition.
76
|
Posted - 2013.08.04 22:05:00 -
[26] - Quote
now that the AT is over, I'm going to push this again. |
Kimpaz
Black Flag Operations The Kadeshi
3
|
Posted - 2013.08.04 22:08:00 -
[27] - Quote
+1 |
Six Strangelove
FinFleet Northern Coalition.
8
|
Posted - 2013.08.04 22:09:00 -
[28] - Quote
+1 |
Kylie Cole
The n00b Experience
0
|
Posted - 2013.08.05 03:59:00 -
[29] - Quote
Laendra wrote:I would think something like registering your API application with CCP and obtaining a public vCode, which then would be part of the API access process, would HELP eliminate these API identity thefts.
For instance,
wi-alliance.com applies for a public vCode. This vCode is autogenerated and cannot be manually selected. If I want to access their forums, I must provide an API key, so I get their public vCode, and then generate a vCode of my own that utilizes the public vCode.
Unscrupulous MetaPlayer X somehow manages to obtain my keyID and vCode and tries to apply it to goonfleet.com as if they were me. Since the goonfleet.com has a different public vCode the key wouldn't work, and access would be denied, and access attempt would be logged on both goonfleet.com and api.eveonline.com
This sounds good to me. Extra bonus of the API application admin just needing to regenerate a vCode to require everyone to re-verify their keys.
|
Alundil
Seniors Clan Get Off My Lawn
237
|
Posted - 2013.08.05 04:54:00 -
[30] - Quote
You received my "like"
Clone gameplay enhancements |