open All Channels
seplocked EVE Technology Lab
blankseplocked Feeback requested: Lowering the security level required for calls.
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: 1 [2]

Author Topic

HyperBeanie
Phantom Squad
En Garde
Posted - 2011.01.18 18:54:00 - [31]
 

Originally by: Captain Thunk
Edited by: Captain Thunk on 15/01/2011 17:21:33
I agree with moving char/killlog to limited but I think corp/killlog should stay as full. If you were to drop corp/killlog to limited all you will achieve is a drastic increase of load on the api server as people use 60 keys from their members to be able to update every minute if they wish - I'm pretty sure you don't want that and I'm fairly sure you don't have any protection against people doing that.
...

Do you have 60 directors?
I still think that /corp/KillLog should be limited.

Bruno Bourque
Posted - 2011.01.19 12:44:00 - [32]
 

Originally by: Hel O'Ween

See, that's the difference between believing and knowing. I know that this is not the case in my country.


The company you work for OWNS all the email you send an receive using your work computer and work email servers. In some cases, they own anything you create while using a work computer, not all do this tho. But the email does belong to them.
I KNOW this, its not a quess.


If you go down the route of having pilots choose if their KM's show up on the corp list you will not get an accurate view of what kills a corp gets, there are a lot of stupid people that play eve that wouldn't work out how to turn that on, and end of the day, whats the point?

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2011.01.19 13:04:00 - [33]
 

Originally by: Bruno Bourque
Originally by: Hel O'Ween

See, that's the difference between believing and knowing. I know that this is not the case in my country.


The company you work for OWNS all the email you send an receive using your work computer and work email servers. In some cases, they own anything you create while using a work computer, not all do this tho. But the email does belong to them.
I KNOW this, its not a quess.

You missed the part where he said "in my country". Being in the same country as him I KNOW that he is right.

Also just because you don't value privacy and the right to choose that does not mean that others should not have the right to defend theirs.

Bruno Bourque
Posted - 2011.01.19 15:56:00 - [34]
 

I didn't miss it, I ignored it.

You choose to be in a PvP corp where kills are posted on a killboard. Its like joining a company and saying you don't want to give them your details so they can pay you.

Most things I think should be stored else where, and like others I would MUCH prefer an API version where it only shows name, corp and alliance. But killmails, including corp killmails should not require a full api key.

Captain Thunk
Sniggerdly
Posted - 2011.01.20 09:32:00 - [35]
 

Originally by: HyperBeanie

Do you have 60 directors?
I still think that /corp/KillLog should be limited.


I was taking it to the nth degree to illustrate the point.

We have 20 Directors so could conceivably pull API every 3 minutes.

Desmont McCallock
Posted - 2011.01.20 12:16:00 - [36]
 

Originally by: Captain Thunk
Originally by: HyperBeanie

Do you have 60 directors?
I still think that /corp/KillLog should be limited.


I was taking it to the nth degree to illustrate the point.

We have 20 Directors so could conceivably pull API every 3 minutes.


So? As long as CCP has the returning data cached, there is no problem to that.

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2011.01.20 15:22:00 - [37]
 

Originally by: Desmont McCallock
Originally by: Captain Thunk
Originally by: HyperBeanie

Do you have 60 directors?
I still think that /corp/KillLog should be limited.


I was taking it to the nth degree to illustrate the point.

We have 20 Directors so could conceivably pull API every 3 minutes.


So? As long as CCP has the returning data cached, there is no problem to that.

The returning data is not cached. You get a fresh set every 3 minutes in that case. Our killboard pulls updates every 15 minutes, for example.

Desmont McCallock
Posted - 2011.01.20 15:34:00 - [38]
 

Originally by: Catari Taga
Originally by: Desmont McCallock
Originally by: Captain Thunk
Originally by: HyperBeanie

Do you have 60 directors?
I still think that /corp/KillLog should be limited.


I was taking it to the nth degree to illustrate the point.

We have 20 Directors so could conceivably pull API every 3 minutes.


So? As long as CCP has the returning data cached, there is no problem to that.

The returning data is not cached. You get a fresh set every 3 minutes in that case. Our killboard pulls updates every 15 minutes, for example.


Again, if CCP is fine with that, where is the problem?

Captain Thunk
Sniggerdly
Posted - 2011.01.20 21:46:00 - [39]
 

Originally by: Desmont McCallock

Again, if CCP is fine with that, where is the problem?


If CCP were fine with that then why are they cacheing the data at all?

Mobius Fierce
Posted - 2011.01.21 01:23:00 - [40]
 

/char/KillLog - Limited.
/char/Research - Full.

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2011.01.21 09:08:00 - [41]
 

Originally by: Desmont McCallock
Originally by: Catari Taga
Originally by: Desmont McCallock
So? As long as CCP has the returning data cached, there is no problem to that.

The returning data is not cached. You get a fresh set every 3 minutes in that case. Our killboard pulls updates every 15 minutes, for example.


Again, if CCP is fine with that, where is the problem?

I don't see a problem or I wouldn't be doing it. Whether the characters I'm using to pull the KillLog are in the same corp or in different corps should not affect their "right" to each request the KillLog every 60 minutes. So even the 60 directors example, albeit extreme, would be ok from my point of view.

Aussie ALF
One Gear Inc
Posted - 2011.02.15 00:06:00 - [42]
 

THESE MUST BE LIMITED API
char/killmail
corp/killmail

In our corp we wanted to setup our killboard, however the Director wasn't tech savy and a corp member set it all up, the issue is the corp member then needed the Directors Full API to continue the killboard, this of course was met with "Not happening" as that corp member shouldn't have the right to see all corp assets, wallets, directors mail etc.

In the end we added a alt to the corp and assigned it a director to at least "avoid" the mail issue, however that corp member can now see all corp assets and wallets which is a major security concern.

Ultimately this needs to be Corp roles (Killmail) which would allow the corp member access to pull corp/killmail this way it can be assigned to who needs to see it.

Nikolai Kondratiev
Sphere Design Inc.
Posted - 2011.02.15 01:24:00 - [43]
 

Is that change even still considered with the API revamp described in a recent dev blog ?

Desmont McCallock
Posted - 2011.02.15 11:41:00 - [44]
 

Originally by: Nikolai Kondratiev
Is that change even still considered with the API revamp described in a recent dev blog ?


Apparently not.

Zhou Wuwang
Federal Laboratories
Posted - 2011.02.15 14:05:00 - [45]
 

Edited by: Zhou Wuwang on 15/02/2011 14:09:08
My two rupees:

* Kill Mails on Limited API Key
* Research on Full API Key

Agree with other comments about cleaning up the many different but very similar character sheet calls.

Agree with other comments about a future where unique API keys are assigned to a desired call with a configurable limited (or unlimited) lifetime.







Cory Sopapilla
Minmatar
Kiroshi Group
Posted - 2011.02.16 17:34:00 - [46]
 

Do people really need to know how much RP someone is getting? I've never even heard of anyone checking that.

Honestly, I'd prefer going the other direction. If we aren't going to be using a public/private setting per data type on a custom api key (like certificates) any time soon, the limited already gives too much information. It really should just show info available in game via right click + character list. Corp/Alliance, Corp history, standings (this could show if someone even has access to a datacore agent assuming social skill bonus possibilities), bounties, character age, race, gender, online or not, and bio.

Throwing killmail info on limited could be abused as an offline locator agent + spy intel since you can see where they are, what ship they're in, who was involved in the kills, etc.

Rakessh
Bat Country
Goonswarm Federation
Posted - 2011.02.17 02:08:00 - [47]
 

Edited by: Rakessh on 17/02/2011 02:07:44
Originally by: CCP Prism X
Hello peeps,

Me, Stillman and a few other peeps over here have been talking about the current access control on the API. There will be a Dev Blog pertaining to the details of those discussions later in the month for community feedback. However the work involved with that is somewhat extensive and until then we were thinking about doing some easy low-hanging-fruit fixes that we believe might do some good.

The issue here is mainly the FULL API Key requirement of calls that aren't really as sensitive as much of the other stuff the FULL key contains, mostly the body of EVE Mails. This requires characters to give out their FULL API key to CEOs (or others) who only need them to check the not-nearly-as-sensitive information regarding the character. As we all know from Stillmans Dev Blog: you should really think twice about giving anybody your FULL key (or any key for that matter).

The calls we identified as possible trouble makers:
/char/KillLog - Used heavily to populate kill boards
/char/Research - Used by CEOs to verify claims of datacore production

I would like to request your feedback on this.
Should this be lowered to the LIMITED key or stay on FULL?
Can you think of any other calls that might be better of on LIMITED access?

Thanks y'all!


But dude! Think of the poor spies!



Pages: 1 [2]

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only