open All Channels
seplocked EVE Information Portal
blankseplocked New Dev Blog: API Security
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: [1] 2

Author Topic

CCP Fallout

Posted - 2010.10.22 11:40:00 - [1]
 

CCP Stillman's newest dev blog details the importance of API security and protecting your API key.

Elsa Nietzsche
Posted - 2010.10.22 11:47:00 - [2]
 

Edited by: Elsa Nietzsche on 22/10/2010 11:54:48
first!

pretty interesting blog. i've often wondered why people are so anal about api access. while there seems to really be limited risk with sharing the limited api, you make many good points about the risk of sharing your full api.
also, thanks for linking the api access log. that was something new to me and i'm glad i know about it now.

on the topic of security/privacy, have you guys changed your mind about the last blog with evegate and making user profiles public by default yet?

Chribba
Otherworld Enterprises
Otherworld Empire
Posted - 2010.10.22 11:56:00 - [3]
 

Edited by: Chribba on 22/10/2010 12:00:37
Another good read. Thanks.

And also, I think there could be several improvements of the API keys in general, like ability to create more than just one limited/full, to avoid having to use the same keys everywhere, and thus not having to reset all "services" if a key is abused.

Expiration on some keys perhaps? Eg a 12 hour key you can give to a reqruitment officer... But also and probably a major feature would be to be able to create keys and chose what info they could access. Eg a full key that would allow for example only industrial jobs to be viewed, but not the wallet etc.

/c

Valeria Crossroads
Caldari
Terra Incognita
Intrepid Crossing
Posted - 2010.10.22 11:58:00 - [4]
 

KB use full api keys of the ceo or director to get all corp kills and losses. That means that all my mail and thus privacy must be sacrificed to keep that going. No way that is going to happen. Please come with a solution for this. Crying or Very sad

CCP Prism X


Gallente
C C P
C C P Alliance
Posted - 2010.10.22 12:06:00 - [5]
 

Originally by: Chribba
Edited by: Chribba on 22/10/2010 12:00:37
And also, I think there could be several improvements of the API keys in general, like ability to create more than just one limited/full, to avoid having to use the same keys everywhere, and thus not having to reset all "services" if a key is abused.

Expiration on some keys perhaps? Eg a 12 hour key you can give to a reqruitment officer... But also and probably a major feature would be to be able to create keys and chose what info they could access. Eg a full key that would allow for example only industrial jobs to be viewed, but not the wallet etc.

/c


For reference.

And we understand that this isn't exactly ideal for killboards who require the full API key. We'll look into the security concerns of lovering the kill mail API to the limited key. That will of course just be a temporary solution. See the reference above.

Noun Verber
Gallente
Posted - 2010.10.22 12:08:00 - [6]
 

Will anything new be added to the APIs in tyrannis 1.2?

I don't know what was there in the first place to compare it to.

Jack Dant
Minmatar
Posted - 2010.10.22 12:10:00 - [7]
 

Originally by: CCP Prism X
And we understand that this isn't exactly ideal for killboards who require the full API key. We'll look into the security concerns of lovering the kill mail API to the limited key. That will of course just be a temporary solution. See the reference above.

Please do this. Kills and losses are almost public information (not least because both sides get them, so you can never completely control who sees them).

0oO0oOoOo0o
Posted - 2010.10.22 12:39:00 - [8]
 

Why do you make the mail accessible in the full api ? It's private communication between 2 persons, sometimes not even about the game itself, that is not meant to be read by 3rd parties. Please take that off from the list.

CCP Prism X


Gallente
C C P
C C P Alliance
Posted - 2010.10.22 12:50:00 - [9]
 

Originally by: Noun Verber
Will anything new be added to the APIs in tyrannis 1.2?

I don't know what was there in the first place to compare it to.


Yes there will! \o/
There's an entire dev blog dedicated to upcoming Tyrannis 1.2 features! Wink

Yuda Mann
Posted - 2010.10.22 13:45:00 - [10]
 

Originally by: 0oO0oOoOo0o
Why do you make the mail accessible in the full api ? It's private communication between 2 persons, sometimes not even about the game itself, that is not meant to be read by 3rd parties. Please take that off from the list.


It's so you can use a 3rd party piece of software or website to read your own mail. I think what CCP needs to do is make a 3rd security level for API's. There's too much information to fit into 2 levels.

DmitryEKT
Clandestine.
Posted - 2010.10.22 15:13:00 - [11]
 

is there plans to add a way to "uncreate" an api key - creating a new one wipes the old one, but if i didn't want to have one active at all, there doesn't seem to be a way to do that?
yes, i know it's not something you can guess because of how long it is, but still, would be nice for those of us who are overly paranoid...

Nikolai Kondratiev
Sphere Design Inc.
Posted - 2010.10.22 16:56:00 - [12]
 

Edited by: Nikolai Kondratiev on 22/10/2010 17:00:06
Originally by: DmitryEKT
is there plans to add a way to "uncreate" an api key - creating a new one wipes the old one, but if i didn't want to have one active at all, there doesn't seem to be a way to do that?
yes, i know it's not something you can guess because of how long it is, but still, would be nice for those of us who are overly paranoid...


If you think someone is going to "guess" your new API key (and if they hack your account to get it, you probably have more to worry about) or brute-force it, you might as well stop living because of all the terrible thing that are more likely to happen IRL Twisted Evil (meteors destroying your house, aliens kidnapping your wife/kids, robots taking over the world and turning you into a battery cell, the "2012" crap-movie happening for real, ...)

And +1 for killmails using Limited API Keys, it would also make the killboard system much more reliable, since people share this one much more easily than the full one.

Edit : and for temporary key and/or limited access to API calls, wouldn't a modified "API proxy" do the job, by storing real keys and letting you generate temporary/limited ones ? (ofc, the recruitment officer/application/... would have to use that proxy and it would have to be trusted enough by both parties, so you're the man we need Chribba !)

CCP Stillman

Posted - 2010.10.22 17:42:00 - [13]
 

Originally by: Nikolai Kondratiev
And +1 for killmails using Limited API Keys, it would also make the killboard system much more reliable, since people share this one much more easily than the full one.

If we were to do this(I'm not saying we will, but it could be considered), would there be anybody who would NOT like that?

Commander TGK
Gallente
The Deep Space Armada
Posted - 2010.10.22 18:17:00 - [14]
 

Stillman please do this, we would very much appreciate a better method for the KBs.

0oO0oOoOo0o
Posted - 2010.10.22 19:38:00 - [15]
 

Edited by: 0oO0oOoOo0o on 22/10/2010 19:39:43
Originally by: Yuda Mann

It's so you can use a 3rd party piece of software or website to read your own mail. I think what CCP needs to do is make a 3rd security level for API's.

If someone likes to read his mails while not in game, he already has a tool for that, called EveGate.
Creating mechanics, where someone can poke his nose into private communications of others, is simply indecent.

TheLostPenguin
Posted - 2010.10.22 20:46:00 - [16]
 

Originally by: CCP Stillman
Originally by: Nikolai Kondratiev
And +1 for killmails using Limited API Keys, it would also make the killboard system much more reliable, since people share this one much more easily than the full one.

If we were to do this(I'm not saying we will, but it could be considered), would there be anybody who would NOT like that?


Seems like a fairly sensible approach to take, as was already mentioned this data is essentially in public domain anyway as the other party receives it also, I for one would be more likely to consider sharing a limited key for this purpose than the full one.

Originally by: 0oO0oOoOo0o
Edited by: 0oO0oOoOo0o on 22/10/2010 19:39:43
Originally by: Yuda Mann

It's so you can use a 3rd party piece of software or website to read your own mail. I think what CCP needs to do is make a 3rd security level for API's.

If someone likes to read his mails while not in game, he already has a tool for that, called EveGate.
Creating mechanics, where someone can poke his nose into private communications of others, is simply indecent.


Maybe some people also like to check their mails oog using something with a nice ui?
A nice highly customisable setup for multiple api keys with varying levels of access would be awesome, but I'm really not going to hold breath for that to happen because Soon™ surely doesn't apply to something that may be considered for adding to the to-do list sometime in 2015ugh

Azmodeus Valar
EVE University
Ivy League
Posted - 2010.10.22 20:53:00 - [17]
 

Another great option would be for a separate API for corporations only, so that corporate applications can use that API instead of the full api of a director.

Ixtelle
Posted - 2010.10.22 23:37:00 - [18]
 

Does the log differentiate whether a request was made with full or limited keys? I don't see anything that would show that, but OTOH I haven't given my full key out anywhere so maybe that's why. Still, would be nice to know.

Nikolai Kondratiev
Sphere Design Inc.
Posted - 2010.10.23 00:04:00 - [19]
 

Edited by: Nikolai Kondratiev on 23/10/2010 00:05:21
Originally by: Ixtelle
Does the log differentiate whether a request was made with full or limited keys? I don't see anything that would show that, but OTOH I haven't given my full key out anywhere so maybe that's why. Still, would be nice to know.


Pretty sure the only way to know is to check for the calls made and see if they require a limited or full api key (I assume failed calls don't get logged)

Tonto Auri
Vhero' Multipurpose Corp
Posted - 2010.10.23 00:18:00 - [20]
 

Edited by: Tonto Auri on 23/10/2010 00:19:26
Originally by: DmitryEKT
is there plans to add a way to "uncreate" an api key - creating a new one wipes the old one, but if i didn't want to have one active at all, there doesn't seem to be a way to do that?
yes, i know it's not something you can guess because of how long it is, but still, would be nice for those of us who are overly paranoid...


All keys always created. There's no state when you don't have API key generated for your account. (Provided you have an account)

Originally by: Nikolai Kondratiev
Pretty sure the only way to know is to check for the calls made and see if they require a limited or full api key (I assume failed calls don't get logged)


All calls made to API with your UserID are logged per your userID.
They differ with response code, however.

SirHarryPierce
Posted - 2010.10.23 00:28:00 - [21]
 

Is there a list somewhere that has known (save) IP' adresses on it?

I found these in my log:

"94.229.74.*" > EVE metrics
"82.99.35.20" > EVEboard

And my home and phone providers...


LegendaryFrog
Caldari
GoonWaffe
Goonswarm Federation
Posted - 2010.10.23 01:47:00 - [22]
 

Originally by: CCP Stillman
Originally by: Nikolai Kondratiev
And +1 for killmails using Limited API Keys, it would also make the killboard system much more reliable, since people share this one much more easily than the full one.

If we were to do this(I'm not saying we will, but it could be considered), would there be anybody who would NOT like that?


I can't think of anything negative that would come from it, and it would certainly be a big improvement with these full api key changes.

mazzilliu
Caldari
Sniggerdly
Pandemic Legion
Posted - 2010.10.23 02:47:00 - [23]
 

im in ur apis, stealin ur keys


reminding people about security wont make them more secure, forcing them kicking and screaming to change their credentials every once in a while will YARRRR!!

Gnulpie
Minmatar
Miner Tech
Posted - 2010.10.23 07:15:00 - [24]
 

Good blog, good reading! Thanks!

Can we have a longer history for the API-access maybe? I think 7 days are not long enough.

Ismil
Posted - 2010.10.23 11:20:00 - [25]
 

I see incoming panics and revoked API Keys:
http://up.frubar.net/322/ad.png
Very Happy

Kerdrak
GreenSwarm
Black Legion.
Posted - 2010.10.23 11:47:00 - [26]
 

Originally by: CCP Stillman
Originally by: Nikolai Kondratiev
And +1 for killmails using Limited API Keys, it would also make the killboard system much more reliable, since people share this one much more easily than the full one.

If we were to do this(I'm not saying we will, but it could be considered), would there be anybody who would NOT like that?


Killmails are not private info since 4 entities have access to the same killmail:

- Final blow dealer
- Final blow dealer's corp
- Victim
- Victim's corp

Can't see anything wrong with putting the killmails in the limited API.

woddel
Gallente
Canis Industries Ltd
Avaricious Cartel
Posted - 2010.10.23 13:30:00 - [27]
 

Edited by: woddel on 23/10/2010 13:34:21
"193.108.137.*" > EVE Commander & EC Shops

oh, and one more thing: i think the title of the devblog is a bit misleading: "api security - to whom do you give the keys to your spaceship?" -> it reads somehow like giving away a car key, meaning the recipient could fly, eh drive, away with your car and steal it. this is, obviously, not true concerning the api keys... :)

ceaon
Posted - 2010.10.23 16:04:00 - [28]
 

Originally by: CCP Prism X


We'll look into the security concerns of lovering the kill mail API to the limited key.

just make a ****ing api key for KM/KB

Lynn Deniera
Caldari
The Foreign Legion
The Remnant Legion
Posted - 2010.10.24 18:33:00 - [29]
 

You should really mention that with the limited api key you can see how much isk they have.

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2010.10.24 21:42:00 - [30]
 

Originally by: CCP Stillman
Originally by: Nikolai Kondratiev
And +1 for killmails using Limited API Keys, it would also make the killboard system much more reliable, since people share this one much more easily than the full one.

If we were to do this(I'm not saying we will, but it could be considered), would there be anybody who would NOT like that?

Make it a separate key.


Pages: [1] 2

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only