| Author |
Thread Statistics | Show CCP posts - 7 post(s) |
KIller Wabbit
The Scope
Gallente Federation
622
   |
Posted - 2014.07.09 02:35:00 -
[1] - Quote
Steve Ronuken wrote:IceGuerilla wrote:We have this total rubbish, but we still can't change characters without relogging? What a load of poppycock. Uh, One's extending the login tech that's already in use with CCP (take a look at logging into the community site, the wiki, and the forums), and the other is going through the entirety of the eve client code, looking for code where the assumption was made that the character id wouldn't change. Teeny difference there.
One we really don't care about and the other is a pain in the ass every single day. Wanna guess which is which?
SSO - so gonna be a favorite with hackers...
CCP .. always first with the wrong stuff
|
KIller Wabbit
The Scope
Gallente Federation
622
|
Posted - 2014.07.09 02:41:00 -
[2] - Quote
Steve Ronuken wrote:
Rein in your hyperbole.
Who went and made you a moderator?
Some minimal work that benefits a double handful of third parties and maybe a few thousand people that deal with those site versus the (supposedly) 20K+ people that login in each day, some of them several times across multiple characters. Gee... maybe the ENTIRE community would be happier with something getting fixed that irritates the hell out of them daily.
CCP .. always first with the wrong stuff
|
KIller Wabbit
The Scope
Gallente Federation
622
|
Posted - 2014.07.09 02:48:00 -
[3] - Quote
Terminator 2 wrote:Steve Ronuken wrote:Aalysia Valkeiper wrote:Terminator 2 wrote:How about anonymity and privacy?
What happens when i have signed into EVE and then browse one of those sites?
Will i first have to go there so that they can catch my name and IP and then have to log out there to change to anonymity or another non-SSO account? Which of course is useless since they already have my IP from SSO...
Also, what happens to my EVE session when i chose to logout from SSO to browse one of those sites while trying to preserve my dignity?
I would expect at least a clear privacy statement regarding everything involved with SSO before being forced using any of it.
Also am i forced to use it?
It is because of all those "goodness" happening to us lately that i knowingly refuse and avoid having a facebook account or anything similar that connects different data sources voiding your privacy. I can answer that, judging from what I have seen regarding CCP's policies 'behind the scene'. The third parties won't get your IP address if you go to them after logging in with EvE online. Instead, they will get CCP's IP as your proxy. Nope. No proxy. They'll get your IP address. Just like they would if you went to their site anyway. The process is:
- Go to the 3rd party site.
- Click the login link.
- This sends you to the login.eveonline.com site (for the live version. sisilogin.testeveonline.com for the dev), with an identifier saying which site you're coming from.
- You log onto that site.
- You pick a character.
- You get sent back to the original site, onto a particular url that the site owner specified. A code is passed as part of the redirect.
- That code is checked by the original site (talking to login.eveonline.com) with a secret that's not shared. If everything matches, the character id etc is sent back.
So what is preventing any EVE related site, even the ones in fact authorized by CCP to fake the looks of such a login and steal my account name and password?
The only way I can see that you could prove that a site is not a phishing attack is to provide a fake name/pwd combination - if it "passes" then it is a fake. However, since phishing often faults with a fake failure ("Your login failed, please try again") before passing off to the real site you were intending to go to. Dunno how many level's of fake/fake/real.... levels the phisher's will build in to try to fake out even this attempt to protect ourselves.
CCP .. always first with the wrong stuff
|
| |
|