| Pages: [1] :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 4 post(s) |
Cozmik R5
Dock 94
7
   |
Posted - 2011.09.08 01:05:00 -
[1] - Quote
So, because the forums are "https" and the game client already has an "http://" to web links, we now cannot link forum threads in channel MOTD's and such.
You vikings are smoking some extremely strong stuff up there. Maybe you should cut down.
Jeeezzz...
Try not. Do. Or do not. There is no try. |
Mehrdad Kor-Azor
Iure Divino
17
|
Posted - 2011.09.08 01:14:00 -
[2] - Quote
It's not that they're smoking funky things.
The pickled herring does strange things to the mind... |
Tiven loves Tansien
Science and Trade Institute
Caldari State
254
|
Posted - 2011.09.08 01:20:00 -
[3] - Quote
Have trust and confidence in CCP.
They will fix it.
looooooooooooooooooooooooooooooooooooooooooooooooooooooooool  |
|
CCP Glaka
25
|
Posted - 2011.09.08 01:39:00 -
[4] - Quote
Cozmik R5 wrote:So, because the forums are "https" and the game client already has an "http://" to web links, we now cannot link forum threads in channel MOTD's and such.
You vikings are smoking some extremely strong stuff up there. Maybe you should cut down.
Jeeezzz...
Thank you.
I'll look at this tomorrow morning. |
|
Kerppe Krulli
Science and Trade Institute
Caldari State
30
|
Posted - 2011.09.08 01:55:00 -
[5] - Quote
I would hire a new intern for this project. You should have fired him the last time you put these crappy forums up but to let them continue to strip ALL usability from a forum is a new level of fail on CCP's part.
I said it earlier. HTTPS implementation was merely a patchwork because CCP has nobody versed in forum security. Instead of learning something or hiring someone who knows something, they simply went with HTTPS. Hint to CCP: https is designed for specific instances. Unless you are sharing sensitive financial information with this site why the hell are you using https instead of programing proper scrubs, checks, and simple urls.
Browsing the forum with your url structure I've learned quite a bit about your database structure since you expose so much in the url. This thing will likely be taken down with some injection attacks which your https scheme can't stop. You need proper coding. Oh don't say you can't do simple urls, I've looked at the highlights of yaf and simple urls is one of their listing points (not selling point since it is freeware). instead you don't know how to implement or chose not to when you really messed with the coding.
edit: open the pages in a simple DOM viewer. almost all your code is plain text, you only used obfuscate on direct path in the code. OMG why would you put full paths in your publicly view-able code?? |
Eternum Praetorian
PWNED Factor
The Seventh Day
18
|
Posted - 2011.09.08 02:51:00 -
[6] - Quote
Kerppe Krulli wrote:I would hire a new intern for this project. You should have fired him the last time you put these crappy forums up but to let them continue to strip ALL usability from a forum is a new level of fail on CCP's part.
I said it earlier. HTTPS implementation was merely a patchwork because CCP has nobody versed in forum security. Instead of learning something or hiring someone who knows something, they simply went with HTTPS. Hint to CCP: https is designed for specific instances. Unless you are sharing sensitive financial information with this site why the hell are you using https instead of programing proper scrubs, checks, and simple urls.
Browsing the forum with your url structure I've learned quite a bit about your database structure since you expose so much in the url. This thing will likely be taken down with some injection attacks which your https scheme can't stop. You need proper coding. Oh don't say you can't do simple urls, I've looked at the highlights of yaf and simple urls is one of their listing points (not selling point since it is freeware). instead you don't know how to implement or chose not to when you really messed with the coding.
edit: open the pages in a simple DOM viewer. almost all your code is plain text, you only used obfuscate on direct path in the code. OMG why would you put full paths in your publicly view-able code??
I have no idea what you just said...
But Daym...
It smells like CCP really can't program? 
I was under the impression that we were just trolling them when we say that they can't... |
Rented
Hunter Heavy Industries
4
|
Posted - 2011.09.08 03:04:00 -
[7] - Quote
Eternum Praetorian wrote:I have no idea what you just said... But Daym... It smells like CCP really can't program? I was under the impression that we were just trolling them when we say that they can't...
CCP incompetence is very real, and very scary. |
Crunchmeister
THORN Syndicate
BricK sQuAD.
34
|
Posted - 2011.09.08 03:17:00 -
[8] - Quote
Tiven loves Tansien wrote:
SoonGäó
|
Abrazzar
88
|
Posted - 2011.09.08 04:22:00 -
[9] - Quote
CCP Glaka wrote:Cozmik R5 wrote:So, because the forums are "https" and the game client already has an "http://" to web links, we now cannot link forum threads in channel MOTD's and such.
You vikings are smoking some extremely strong stuff up there. Maybe you should cut down.
Jeeezzz... Thank you. I'll look at this tomorrow morning.
The smoking or the linking?
Please visit your user settings to re-enable images. |
|
ISD Libertina
ISD STAR
2
|
Posted - 2011.09.08 09:19:00 -
[10] - Quote
A workaround to get https links into your MotDs is to use the html url tags like this:
< url=https://forums.eveonline.com/default.aspx?g=topics&f=256>EVE Trial Citizens Q&A Forum< /url>
Remove the whitespaces in the tags, adjust page and display text and copy and paste it into the MotD.
Libertina
Vice Admiral
Support, Training And Resources
Interstellar Services Department |
|
|
|
Cozmik R5
Dock 94
7
|
Posted - 2011.09.08 09:25:00 -
[11] - Quote
Well, maybe the devs should make a sticky about this because I'm pretty sure I'm not the only one to use links to forum thread in a channel's MOTD. Or at least post a list of the codes we can use while someone works (!) on making this more use-friendly. Wishful thinking, I know.
Try not. Do. Or do not. There is no try. |
Capn Orgasmo
The Stampede.
The Scapegoats
11
|
Posted - 2011.09.08 09:27:00 -
[12] - Quote
Abrazzar wrote:CCP Glaka wrote:Cozmik R5 wrote:So, because the forums are "https" and the game client already has an "http://" to web links, we now cannot link forum threads in channel MOTD's and such.
You vikings are smoking some extremely strong stuff up there. Maybe you should cut down.
Jeeezzz... Thank you. I'll look at this tomorrow morning. The smoking or the linking?
Hopefully not both at the same time, they will manage to stick a boot.ini in there somewhere, somehow.
/le tinfoil |
Cozmik R5
Dock 94
7
|
Posted - 2011.09.08 09:31:00 -
[13] - Quote
@ISD Libertina: it doesn't work.
Try not. Do. Or do not. There is no try. |
|
ISD Libertina
ISD STAR
2
|
Posted - 2011.09.08 09:40:00 -
[14] - Quote
Cozmik R5 wrote:@ISD Libertina: it doesn't work.
That is weird, I tested it ingame just before I posted. Have you removed the whitespaces from both tags; the < url=... and the < /url> one? (They are only in there to allow me to post them on the forum.)
Removing both and copying the whole thing into the MotD, works for me. (I just tried it again.)
You do have to remove them prior to pasting into the MotD, using Notepad or something similar.
Libertina
Vice Admiral
Support, Training And Resources
Interstellar Services Department |
|
Cozmik R5
Dock 94
7
|
Posted - 2011.09.08 09:53:00 -
[15] - Quote
Positive that there were no spaces in my attempt.
Try not. Do. Or do not. There is no try. |
Vicker Lahn'se
STRAG3S
THE UNTHINKABLES
0
|
Posted - 2011.09.08 10:52:00 -
[16] - Quote
Kerppe Krulli wrote:I would hire a new intern for this project. You should have fired him the last time you put these crappy forums up but to let them continue to strip ALL usability from a forum is a new level of fail on CCP's part.
I said it earlier. HTTPS implementation was merely a patchwork because CCP has nobody versed in forum security. Instead of learning something or hiring someone who knows something, they simply went with HTTPS. Hint to CCP: https is designed for specific instances. Unless you are sharing sensitive financial information with this site why the hell are you using https instead of programing proper scrubs, checks, and simple urls.
Browsing the forum with your url structure I've learned quite a bit about your database structure since you expose so much in the url. This thing will likely be taken down with some injection attacks which your https scheme can't stop. You need proper coding. Oh don't say you can't do simple urls, I've looked at the highlights of yaf and simple urls is one of their listing points (not selling point since it is freeware). instead you don't know how to implement or chose not to when you really messed with the coding.
edit: open the pages in a simple DOM viewer. almost all your code is plain text, you only used obfuscate on direct path in the code. OMG why would you put full paths in your publicly view-able code??
And how does knowing the information contained in the url allow you to cause harm? |
Alexandra Alt
Republic Military School
Minmatar Republic
5
|
Posted - 2011.09.08 11:14:00 -
[17] - Quote
Vicker Lahn'se wrote:Kerppe Krulli wrote:I would hire a new intern for this project. You should have fired him the last time you put these crappy forums up but to let them continue to strip ALL usability from a forum is a new level of fail on CCP's part.
I said it earlier. HTTPS implementation was merely a patchwork because CCP has nobody versed in forum security. Instead of learning something or hiring someone who knows something, they simply went with HTTPS. Hint to CCP: https is designed for specific instances. Unless you are sharing sensitive financial information with this site why the hell are you using https instead of programing proper scrubs, checks, and simple urls.
Browsing the forum with your url structure I've learned quite a bit about your database structure since you expose so much in the url. This thing will likely be taken down with some injection attacks which your https scheme can't stop. You need proper coding. Oh don't say you can't do simple urls, I've looked at the highlights of yaf and simple urls is one of their listing points (not selling point since it is freeware). instead you don't know how to implement or chose not to when you really messed with the coding.
edit: open the pages in a simple DOM viewer. almost all your code is plain text, you only used obfuscate on direct path in the code. OMG why would you put full paths in your publicly view-able code?? And how does knowing the information contained in the url allow you to cause harm?
Heheheh, web designers trying to make smart remarks about web application development makes me giggle, it causes no harm whatsoever, there might be issues (as per Hellicity twitter post even today) but they're not certainly due to how stuff is obfuscated or not.
Btw, obfuscation (js) primary purpose is not to keep you away from understanding the code, but in browser js engine processing speed up, as it's often translated in to smaller code (thus less text) and better (test proven) fashion to increase speed, besides, many js libs already come 'optimized' (commonly mistakenly called obfuscated).
|
Nyio
Federal Navy Academy
Gallente Federation
45
|
Posted - 2011.09.08 11:18:00 -
[18] - Quote
Homer Simpson wrote:D'oh!
Needs a banner here.. |
Steve Ronuken
Cossette Moana
0
|
Posted - 2011.09.08 15:23:00 -
[19] - Quote
Just to squelch a little misinformation:
https is good. It's not a panacea, and won't fix poor security, but without it
A: when you log in, your password is visible to everyone between your and the site you're working with. Unless, perhaps, you get funky with javascript and a changing hash. (or use digest auth. but that's very rare)
B: your session is vulnerable to hijacking by anyone between you and the site you're working with.
Short form: https = good. Don't belittle people for using it. Only if it's /all/ that's been done. |
|
CCP Glaka
25
|
Posted - 2011.09.08 15:36:00 -
[20] - Quote
CCP Glaka wrote:Cozmik R5 wrote:So, because the forums are "https" and the game client already has an "http://" to web links, we now cannot link forum threads in channel MOTD's and such.
You vikings are smoking some extremely strong stuff up there. Maybe you should cut down.
Jeeezzz... Thank you. I'll look at this tomorrow morning.
This has now been fixed with a proper redirect from http:// to https://
So when you link a forum link on MOTD just use the http:// instead of https://
Enjoy  |
|
|
|
|
|
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |