open All Channels
seplocked EVE Information Portal
blankseplocked New Dev Blog: In-game Browser new functions
 
This thread is older than 90 days and has been locked due to inactivity.


 
Pages: 1 [2] 3

Author Topic

mkmin
Posted - 2011.03.31 17:40:00 - [31]
 

Originally by: Two step
Originally by: mkmin
Does anybody else smell "extremely dangerous"? There is no mention of the headers requiring "trusted" status. I don't trust very many sites at all, but if they can slip in some code that takes all your stuff I won't be trusting any sites ever again.

Sounds like it might be time to add CCPBrowser.exe to blacklisted software. :S


*all* IGB specific headers require trust, I don't see why these would be any different.

I dunno... with the abysmal record CCP has with privacy, I see these things being very very dangerous.

CCP, how about you add different levels of trust to the browser? Or a way for the user to tell exactly what information you are helping the site owner to steal.

Ariane VoxDei
Posted - 2011.03.31 17:43:00 - [32]
 

Looks like, once again, new stuff is wide open to datamining.

One thing stands out though. "(new) showContents(stationID, itemID)"
Once you accumulate all your containerIDs, with matching stationID, then this stuff can be used to track your inventory.
Provided you do a bit of work to get a copy of the response and run a "adequate" set of scripts on it.

It might not yet rival inventory mods for some other games, but it is a start.

Oh and...

onmouseover
ccp.setdestination(rancer)
ccp.invitetofleet(gankalot)
and hope the autopilot is on...

And have the webserver quietly pass on the tasty location and ship data in the headers...

ps: yes I know some of it requires "trusted".

CCP Orion

Posted - 2011.03.31 17:44:00 - [33]
 

Originally by: Two step
Originally by: mkmin
Does anybody else smell "extremely dangerous"? There is no mention of the headers requiring "trusted" status. I don't trust very many sites at all, but if they can slip in some code that takes all your stuff I won't be trusting any sites ever again.

Sounds like it might be time to add CCPBrowser.exe to blacklisted software. :S


*all* IGB specific headers require trust, I don't see why these would be any different.


All IGB headers require trust indeed.

Galen Kamari
Gallente
Pelican.
Atlas.
Posted - 2011.03.31 17:45:00 - [34]
 

Edited by: Galen Kamari on 31/03/2011 17:50:12
Originally by: Somerset Mahm
But people that use a site with an alt that the website operator can now link to their main because both characters have the same account ID will scream. That's the angle I was looking at it from.

Seems to me that CCP's looking to separate characters so that they can't be associated on the same account unless the account holder wants them to be: API keys will be generated on a per-character basis, not per-account. Read the dev blog on the subject: Power to the End User - Customizable Access API Keys.

And from reading some of these comments: seriously some of you are too paranoid for your own good. Keep in mind that nothing can become automated through these features. A site author can't make your client do things without your consent. These are just to add convenience and enhance the UI, the intention of third-party development and the IGB. Lighten up!

mkmin
Posted - 2011.03.31 17:58:00 - [35]
 

Edited by: mkmin on 31/03/2011 17:59:54
Originally by: Galen Kamari
Edited by: Galen Kamari on 31/03/2011 17:50:12
Originally by: Somerset Mahm
But people that use a site with an alt that the website operator can now link to their main because both characters have the same account ID will scream. That's the angle I was looking at it from.

Seems to me that CCP's looking to separate characters so that they can't be associated on the same account unless the account holder wants them to be: API keys will be generated on a per-character basis, not per-account. Read the dev blog on the subject: Power to the End User - Customizable Access API Keys.

And from reading some of these comments: seriously some of you are too paranoid for your own good. Keep in mind that nothing can become automated through these features. A site author can't make your client do things without your consent. These are just to add convenience and enhance the UI, the intention of third-party development and the IGB. Lighten up!


EVE is all about paranoia and bad programming. If something can be used to steal, scam, or whatever it will be, even if other software companies would consider it a malicious exploit (CCP seems to like malicious exploits and calls them "features".) The real concern is that really quiet guy that never talks, who programs the alliance webpage... What's he going to slip in? Increased exposure means it's time to remove every page I've got from my trusted list, because with no "how much trust?" option we're required to trust the site programmer completely as a person. A person who wants all your stuff and is willing to lie cheat and steal to get it. edit: and that's assuming CCP got the trust system down right to begin with and there aren't any easily exploitable workarounds they CBA'd to fix.

Palovana
Caldari
Inner Fire Inc.
Posted - 2011.03.31 18:10:00 - [36]
 

Edited by: Palovana on 31/03/2011 18:12:24
Originally by: mkmin
I dunno... with the abysmal record CCP has with privacy, I see these things being very very dangerous.


Originally by: mkmin
EVE is all about paranoia and bad programming. If something can be used to steal, scam, or whatever it will be, even if other software companies would consider it a malicious exploit (CCP seems to like malicious exploits and calls them "features".) The real concern is that really quiet guy that never talks, who programs the alliance webpage... What's he going to slip in? Increased exposure means it's time to remove every page I've got from my trusted list, because with no "how much trust?" option we're required to trust the site programmer completely as a person. A person who wants all your stuff and is willing to lie cheat and steal to get it. edit: and that's assuming CCP got the trust system down right to begin with and there aren't any easily exploitable workarounds they CBA'd to fix.


I think I'll just stick to alt-tab for browsing stuff while I play. Half of the web is b0rked with the IGB anyway (for wine users at least).

edit: more quotage

Particul
Posted - 2011.03.31 18:24:00 - [37]
 

I have no idea what percentage of the player-base understood anything of that blog, except that it is probably a very small figure. Personally I shall avoid using the IGB wherever possible and put it on the shelf marked 'Dangerous' along with Evegate. If the majority of your players cannot understand a blog, you could

a) Preface it with a non-technobabble introduction and summary

b) Not write it at all

I spent twenty years as a programmer in industry and if this is meant to be a general help file it leaves an awful lot to be desired.

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2011.03.31 19:23:00 - [38]
 

A lot of these new methods do not seem to be functional. Did not test them all but from those that I tested I could not get the following to work:


  • addToMarketQuickBar(typeID) - this works but allows adding of non-tradeable types

  • block(characterID)

  • bookmark() - tested arguments: none, existing bookmarkID, locationID, itemID, x,y,z coordinates, etc., might be missing the correct sequence arguments here if it's functional

  • clearAutopilot() - does nothing, also tested with solarSystemID for existing waypoint as argument

  • showFitting() - shipDNA does not work as an argument anymore, example lists a fittingID which I did not test - please bring shipDNA functionaliy back, thx

  • showOnMap(corporationID) - this opens the map if it's not yet open but does not display any specific location

  • showSovereignity() - tested arguments: none,solarSystemID,regionID,allianceID



Shandir
Minmatar
Brutor Tribe
Posted - 2011.03.31 19:54:00 - [39]
 

Certainly this opens up some new scamming opportunities and some additional (in-game) security concerns, but from the sounds of it, there isn't anything which is going to "steal all your stuff" unless you have a habit of clicking contract/give money dialogs you haven't read.
I would say that it would be nice to allow disabling of certain features (like those that probably don't have a confirmation - eg autopilot destination) but actually, I'd just untrust any trusted site that screwed around with them.
Somer's gonna love these - easier for her addicts to throw more money at her (and less people sending ISK to the wrong Somer corp)

Megarom
Posted - 2011.03.31 21:40:00 - [40]
 

What I'd like to be able to do is drag all the dragable(to chat window) IGB forum text inputs so I could post fits or locations or people to my web site.

Also related to this but not to IGB, I'd love it if the fits pasted to a chat channel would somehow hold the fit information when I read the chat log later.

Black Romero
Posted - 2011.03.31 22:43:00 - [41]
 

Originally by: mkmin
Edited by: mkmin on 31/03/2011 17:59:54
Originally by: Galen Kamari
Edited by: Galen Kamari on 31/03/2011 17:50:12
Originally by: Somerset Mahm
But people that use a site with an alt that the website operator can now link to their main because both characters have the same account ID will scream. That's the angle I was looking at it from.

Seems to me that CCP's looking to separate characters so that they can't be associated on the same account unless the account holder wants them to be: API keys will be generated on a per-character basis, not per-account. Read the dev blog on the subject: Power to the End User - Customizable Access API Keys.


And from reading some of these comments: seriously some of you are too paranoid for your own good. Keep in mind that nothing can become automated through these features. A site author can't make your client do things without your consent. These are just to add convenience and enhance the UI, the intention of third-party development and the IGB. Lighten up!



EVE is all about paranoia and bad programming. If something can be used to steal, scam, or whatever it will be, even if other software companies would consider it a malicious exploit (CCP seems to like malicious exploits and calls them "features".) The real concern is that really quiet guy that never talks, who programs the alliance webpage... What's he going to slip in? Increased exposure means it's time to remove every page I've got from my trusted list, because with no "how much trust?" option we're required to trust the site programmer completely as a person. A person who wants all your stuff and is willing to lie cheat and steal to get it. edit: and that's assuming CCP got the trust system down right to begin with and there aren't any easily exploitable workarounds they CBA'd to fix.


YEAH - No offense CCP Orion and crew but after looking at all this I will be ALT- Tabin' it too. No more IGB for me. This is a FAIL idea. Alliances, corps beware!YARRRR!!

Grady Eltoren
Minmatar
Aviation Professionals for EVE
Posted - 2011.03.31 22:48:00 - [42]
 

Originally by: Shandir
Certainly this opens up some new scamming opportunities and some additional (in-game) security concerns, but from the sounds of it, there isn't anything which is going to "steal all your stuff" unless you have a habit of clicking contract/give money dialogs you haven't read.
I would say that it would be nice to allow disabling of certain features (like those that probably don't have a confirmation - eg autopilot destination) but actually, I'd just untrust any trusted site that screwed around with them.
Somer's gonna love these - easier for her addicts to throw more money at her (and less people sending ISK to the wrong Somer corp)



See the problem here is you open a website and the give money box pops up and you are busy typing on your laptop and the send button goes off accidentally. You all know how laptops can skip fields etc. One slip of the enter key at the wrong moment....

Again - Another reason why I am leaving EVE - CCP building more tools to enable theft instead of building tools to help stop it. At least give people the ability to combat all the loop holes you are opening up!! Let players put a camera on top their pos to deter corp theft, audit logs for ship mtx arrays - something. Instead we get IGB with glaring loops holes to prey on the not so tech savy or accidental click. Shame on you. Why does CCP want theft to happen? Does it help your bottom line that much? Some "feature".

Grady

P.S. No you cannot have my stuff and leave the troll responses out please.

Somerset Mahm
Somer's Omnibus Exploration and Reclamation
Cognitive Distortion
Posted - 2011.03.31 22:59:00 - [43]
 

Quote:

Somer's gonna love these - easier for her addicts to throw more money at her (and less people sending ISK to the wrong Somer corp)


Actually I am not too bothered about the sending money in, but if we get corp versions of these it will make sending prizes out SO much faster.

Sentient Blade
Posted - 2011.03.31 23:27:00 - [44]
 

Originally by: Somerset Mahm
Quote:

Somer's gonna love these - easier for her addicts to throw more money at her (and less people sending ISK to the wrong Somer corp)


Actually I am not too bothered about the sending money in, but if we get corp versions of these it will make sending prizes out SO much faster.


Sounds more like a need for a "owner only" API key which can actually use POST requests to the API to make actual write actions. That's always how I've done it when I've been writing complex APIs.

CCP Laurelle

Posted - 2011.03.31 23:28:00 - [45]
 

Edited by: CCP Laurelle on 31/03/2011 23:29:05
Originally by: Grady Eltoren
Originally by: Shandir
Certainly this opens up some new scamming opportunities and some additional (in-game) security concerns, but from the sounds of it, there isn't anything which is going to "steal all your stuff" unless you have a habit of clicking contract/give money dialogs you haven't read.
I would say that it would be nice to allow disabling of certain features (like those that probably don't have a confirmation - eg autopilot destination) but actually, I'd just untrust any trusted site that screwed around with them.
Somer's gonna love these - easier for her addicts to throw more money at her (and less people sending ISK to the wrong Somer corp)



See the problem here is you open a website and the give money box pops up and you are busy typing on your laptop and the send button goes off accidentally. You all know how laptops can skip fields etc. One slip of the enter key at the wrong moment....


Originally by: Ariane VoxDei


One thing stands out though. "(new) showContents(stationID, itemID)"
Once you accumulate all your containerIDs, with matching stationID, then this stuff can be used to track your inventory.
Provided you do a bit of work to get a copy of the response and run a "adequate" set of scripts on it..


Okay, looks like some misunderstandings need clearing up...

  • There is no "give money" from the IGB yet. If we do add it later there will be a lot of effort put into making sure it's not griefable.

  • All the new javascript functions require the website to be trusted which is something that the user explicitly selects.

  • showContents simply opens up an in-game UI and doesn't pass any information over to the website


We would love to hear more about actual security issues that you guys spot and suggest you try it out on Singularity. Our aim is to add much-needed functionality that allows you to make IGB websites which augment the game experience but at the same time be careful about compromising user security or allow automation through the IGB.

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2011.04.01 00:25:00 - [46]
 

Originally by: CCP Laurelle
or allow automation through the IGB.

As long as everything you can do via IGB requires user confirmation there will be no automation, only a way to use the client more efficiently than via the convoluted ingame UI.

Since the UI team isn't delivering anything useful all the more reason that you do. E.g. the sendMail() call is just perfect because you can enter all required information on the website already and the user only needs to click ok. Make the other calls the same please (contacts!).

Nauplius
Amarr
1st Praetorian Guard
Posted - 2011.04.01 02:23:00 - [47]
 

A successful XSS attack (or outright hack) against a popular 3rd party API-using EVE website or a disgruntled corporation or alliance webadmin can do some interesting things with this new API

The inviteToFleet() / startConversation() functions can be used to spam arbitrary players; every IGB user who visits the compromised site can be made to open convos with the attacker's target(s). Convos are opened immediately upon invocation of the method in question; not so much as an "Are You Sure" or similar stands between the attacker and spam victim.

The removeContact() / removeCorpContact() functions operate silently and without confirmation provided the player had earlier checked "Don't Show Again" on that part of the Contacts UI. This can be used for pure griefing or perhaps, say, deleting Titan alts out of the contact lists of passing IGB users. I'm sure the more devious can think of better uses; I'm just a grunt in a lovable NRDS corp, after all.

Although the block() method is not working on the test server, presumably it too would operate silently as there is no confirmation UI present in the game when someone is blocked. This has great grief potential; an attacker can block arbitrary players from all the IGB users visiting the compromised site. Disrupt enemies' communications...silence business rivals...

The addBounty() function offers at least some of the risk associated with the proposed giveMoney() function. Since putting a bounty on someone is the same as giving them money thanks to alt-killing, one wonders why this function is even in the API? Everyone knows the bounty system in this game is useless.

Two additional more broad, theoretical points

Nothing in the requestTrust() dialog box indicates to the user that he is giving permission to the site to perform client-side, writable, side-effecting actions like those above and many others that have now been added to the API. I doubt that many IGB users know they are giving permission to perform these types of actions, as the web does not normally work that way.

This whole thing smells of bad security and bad web architecture, really. A dialog box that, once clicked, gives a site permission to perform all sorts of client-side writable, side-effecting actions? I mean, there's two things wrong with that

1. Dialog boxes that in effect say "Are you sure you want to do this terrible insecure thing (OK/Cancel)" are a discredited security model on the web and all modern browsers are moving away from such things. It is best to disallow insecure things entirely, and if there be no other alternative, at least scare the living [email protected]#$ out of the user (see, for example Firefox's HTTPS warnings for sites with broken certs, or IE9's warnings for rarely downloaded files).
2. Regardless of whether you agree that step 1 adequately capture's user intent, you guys heard of hacking? XSS? Actually just script injection, nothing x-domain really needed for this API. You know that a lot of these EVE sites are just kids and college students and who knows what that, uh, these sites might not be the most bullet-proof sites in the world...

Catari Taga
Centre Of Attention
Middle of Nowhere
Posted - 2011.04.01 02:52:00 - [48]
 

Edited by: Catari Taga on 01/04/2011 02:54:29
To all the fear mongers in this thread: absolutely nobody forces you to use the IGB or to trust websites.

The IGB has been castrated of functionality for much too long, take your paranoia elsewhere and let the rest of us get a useful IGB back. Again, this is a fully optional tool, if you do not want it, do not use it.

Thanks CCP for working on it!

mkmin
Posted - 2011.04.01 03:28:00 - [49]
 

Originally by: Catari Taga
Edited by: Catari Taga on 01/04/2011 02:54:29
To all the fear mongers in this thread: absolutely nobody forces you to use the IGB or to trust websites.

The IGB has been castrated of functionality for much too long, take your paranoia elsewhere and let the rest of us get a useful IGB back. Again, this is a fully optional tool, if you do not want it, do not use it.

Thanks CCP for working on it!

Actually I would love extra functionality of the IGB. It's something I've wanted for quite a while. But we're back to the same issue of limited/full API. It's either agree to trust a site and every possible malicious thing they can think of in hopes you may get some functionality, or have an IGB that's really not worth using at all. (as it is I don't use the IGB unless I don't care about what I'm doing at the moment because of how 90's-ish it feels, and doesn't have the snappy response an oog browser has.) So please, give us levels of trust, just like the API. Those EVE players can be right bastards and our paranoia is 100% justified.

(BTW, it would be freakin' awesome if the CCP EVE sites were all optimized to work with the IGB, though that's kind of asking a lot considering they aren't optimized to run in an oog browser either.)

Derus Grobb
Minmatar
Selectus Pravus Lupus
Transmission Lost
Posted - 2011.04.01 05:01:00 - [50]
 

I too want the middle mouse button to open a link in a new tab. It's standard in every browser now and would surely be appreciated by a lot of people.

Firesh
Etoilles Mortant Ltd.
Solyaris Chtonium
Posted - 2011.04.01 05:37:00 - [51]
 

I sense an unusual amount of fear-mongery here ;)

What the heck are you doing using the IGB on a trusted website if you don't really trust it's security ?

We heavily use the API in order to get statistics and coordinate our market activities; any IGB extension would
be great for us in order to reduce carpal syndrom.

Tairon Usaro
The X-Trading Company
RAZOR Alliance
Posted - 2011.04.01 06:15:00 - [52]
 

Quote:
Bear in mind though that our rule of thumb for IGB functionality is not to provide functions that cannot be performed manually in the game client itself.


How about bringing back functionality the IGB already had ?!? ......

HTTP_EVE_NEARESTLOCATION

I had a scanning tool using it, you broke it.Confused now i am waiting to use it for a POS Tool.

Batolemaeus
Caldari
Free-Space-Ranger
Morsus Mihi
Posted - 2011.04.01 06:49:00 - [53]
 

Development of convo-loic is go. \o/
Thanks for the create convo thingy, it was the only thing required to turn the gm-endorsed convo-dos into a viable web application for alliance warfare.

Sentient Blade
Posted - 2011.04.01 11:24:00 - [54]
 

The paranoia is coming from what appears to be the more technically skilled group of players, of which I include myself in... it's kinda what working in the industry does for you.

Personally I would like CCP to state clearly that it will not tolerate any kind of meta-gaming using privileged or authenticated resources. These are tied to the security of the account / client and should be strictly off limits.

If a person were to fall to an attack via the IGB that person should be suitably reimbursed and the logs examined to put the offending website on a blacklist so it cannot be accessed via the IGB again.

With such 'secret attacks' and such there really is no difference between manipulating the users client without their knowledge, and flat out adding an exploit to the browser renderer.

Thebriwan
LUX Uls Xystus
Posted - 2011.04.01 11:48:00 - [55]
 

Hello!

When I first saw a new IGB Dev blog I was like: \o/

The new headers are very nice.

BUT: What in the seven hells are I going to do with the new functions?

Tho most things on the list can be achieved with a minimal number of clicks.

What I really want is to simplify things with massive click counts like producing, inventing or research.

A function like:

produceItem(<blueprintLocationId>,<stationOfProductionLineId>,<materialHangarId>,<productHangarArray>,<numberOfRuns>)

should open the production Dialog FILLED OUT - so that what takes like 5 to 10 clicks and an input of numbers could be minimalized to 2 simple clicks.

Ariane VoxDei
Posted - 2011.04.01 11:49:00 - [56]
 

Originally by: CCP Laurelle
Originally by: Ariane VoxDei

One thing stands out though. "(new) showContents(stationID, itemID)"
Once you accumulate all your containerIDs, with matching stationID, then this stuff can be used to track your inventory.
Provided you do a bit of work to get a copy of the response and run a "adequate" set of scripts on it..


Okay, looks like some misunderstandings need clearing up...

  • All the new javascript functions require the website to be trusted which is something that the user explicitly selects.

  • showContents simply opens up an in-game UI and doesn't pass any information over to the website




Dear Laurelle, I think you have misunderstood my view of that particular call, as well as not adressing what appears to be a misinterpretation, on my part, of its actions, based on a lack of documentation of its behaviour.

I do not see it as a snoop vector.
I did however envision it as showing you, in the IGB, the contents of the container, very much like the "view contents" context menu in the Assets window.
Now, it that were the case, e.g. getting a inventory list in a table in the IGB, you could then, for you own purposes, sc**** that info into a DB, and thus, eventually, get a complete inventory list that is updated each time you use a specially crafted webpage.
It is "merely" a matter of snooping on the connection of the IGB - or making a copy&paste from the page.
That could, with some work, be funnelled into a local DB (lets say mysql) that keeps track of your assets for you.

Unfortunately, you just told me that it does not view the contents in the IGB, it instead opens a ingame window. Something which I find a lot less useful, but I suppose someone must have had a use for it.

Cheapo Hobo
Caldari
Posted - 2011.04.01 12:08:00 - [57]
 

The so-called blog was absolute poppy talk to me. I ain't no browser programmer and I wouldn't code my way out of a cow's barn even if my flashlight was on.

mkmin
Posted - 2011.04.01 16:18:00 - [58]
 

Originally by: Cheapo Hobo
The so-called blog was absolute poppy talk to me. I ain't no browser programmer and I wouldn't code my way out of a cow's barn even if my flashlight was on.

Then maybe you should try not talking.

Abinadi9
NerdHerd
Intrepid Crossing
Posted - 2011.04.01 17:05:00 - [59]
 

Edited by: Abinadi9 on 01/04/2011 17:06:07
CCP (whomever),

How hard would it be to add, before these changes are released, EVE_FLEETID (and maybe EVE_FLEETBOSS as a boolean) as an HTTP header? EVE_FLEETID would consist of nothing more than the internal ID number for the fleet you were in and NO OTHER specifics like membership count, description, etc. This is of course assuming that fleets are assigned some kind of unique identifier.

As far as "nearest celestial to the http header" feature, this would be VERY nice however, givemoney, IMHO, would be pretty dangerous. The more information you can give to a trusted website about actual current game play, the better, I believe. Not assets or stuff like that, but system, near here or there, ship type, etc.

The new HTTP headers are a very good step in the right direction.

Thank you!

CCP Orion

Posted - 2011.04.01 17:53:00 - [60]
 

Thanks for all the feedback, good stuff, contradicting perhaps but all good :)
The goal of exposing you guys to these changes on SISI is to figure out a meaningful set of features without exposing players to grief and "electronic warfare". The build currently on SISI is a first stab at that, we'll iterate on that the next weeks, and keep you posted on progress.
Cheers.


Pages: 1 [2] 3

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only