Originally by: Salpun
Thanks for the link. The masses will need pictures though before they will understand how helpful the IGB can be.
Regarding security, something similar seems to be true.
"Yes yes, I trust your site, now, here, trust my fake headers... how can you refuse, I logged them from the users at my 'trusted' site."
Unless there is no access without a login - not merely based on having the right characterID or corpID in the header.
All too many think that headers = honest IGB = can be trusted.
While anyone with even rudimentary knowledge of the workings of HTTP requests knows that it is trivial to tamper with. Don't need any shady hacks.
With just a little sleight of hand, you are always, if someone believes the headers:
in a titan
and you are: ricdic.
Of course all patently false and contradictory.
It's not that we are against functionality, but security has to come with it.
Also this sort of thing leaks too much information.
The API guys have realized this and are working on breaking down API access to custom keys, giving access to just those bits that you decide.
Going this way of "all or nothing" will just end in a lack of features or lack of adoption, as people, and rightly so, refuse to use it.
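The point made in the post above, as an added example that is not part of the original post: a server-side access check where identity comes only from a login session the server issued, and the identity header is treated as an unverified client claim. The header name `X-Claimed-Character-Id`, the token format and the character IDs are hypothetical placeholders, not the IGB's real header names.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to clients
CLAIM_HEADER = "X-Claimed-Character-Id"  # hypothetical stand-in for an identity header


def _mac(character_id: str) -> str:
    return hmac.new(SERVER_KEY, character_id.encode(), hashlib.sha256).hexdigest()


def issue_session(character_id: str) -> str:
    """Call only after a real login; binds the character ID to a server MAC."""
    return f"{character_id}.{_mac(character_id)}"


def session_character(token):
    """Return the character ID proven by a valid session token, else None."""
    if not token or "." not in token:
        return None
    character_id, mac = token.rsplit(".", 1)
    ok = hmac.compare_digest(mac.encode(), _mac(character_id).encode())
    return character_id if ok else None


def authorize(headers, session_token, allowed_ids):
    """Decide access from the session alone; the header is only audited."""
    proven = session_character(session_token)
    if proven is None:
        # A matching header without a login proves nothing.
        return ("deny", "no valid login session")
    claimed = headers.get(CLAIM_HEADER)
    if claimed is not None and claimed != proven:
        # Client-supplied claim disagrees with what the server knows: log it.
        return ("deny", "header claim contradicts session")
    if proven not in allowed_ids:
        return ("deny", "character not authorized")
    return ("allow", proven)
```
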