Page 5 of 6

Re: New Patch 1.6.1 for our MMORPG Ryzom

Posted: Sun Oct 18, 2009 12:34 pm
by khyle
iceaxe68 wrote:I haven't had a chance to check out the new features yet (dirty rotten RL too busy this week) but if it's true that you need only the api key to access these features, and from the grand old insecure internet at that, I am concerned.[...]

kiakaha wrote:It seems that they have addressed it. There is now a login with your pw instead of the Full API key.

Sending my account password instead of an API key isn't exactly what I'd call addressing security concerns.
It seems this is just a frontpage for various web applications (mail and notes for the time being), but this isn't what a public API is for -- with this approach you could just as well develop all your "web" apps in-house and have no need for giving out insecure API keys.
Granted, that way a third party is unlikely to get acccess to my in-game mail, but neither am I, unless I log in via this front page, which in turn makes it unusable through other web apps.

So what you've given us is a way to check in-game mails through a web interface. Nice, but then why do I have to log into yet another site, if and when I'm already logged into the ryzom.com site, and the forum? Would be nice if this could be somehow centralised, through one secure login process, not spread over dozens of separate logins, one less secure than the next.

On the other hand, this hasn't given much "power to the players" - we still can't access our in-game notes and mail from any other app, web or standalone. While it's nice that I can now read my mail from my l33t iPhone, it doesn't offer any actual value to the third party developers out there.

A possible solution might be to have separate keys for separate applications, where an app first offers me its ID that I can enter into my profile page which in turn generates a key for that app only. In a perfect world I would even be able to select individually for each app what character information it may see, or whether it may send mail to me, or read it.

Re: New Patch 1.6.1 for our MMORPG Ryzom

Posted: Mon Oct 19, 2009 8:50 am
by thlau
khyle wrote: A possible solution might be to have separate keys for separate applications, where an app first offers me its ID that I can enter into my profile page which in turn generates a key for that app only. In a perfect world I would even be able to select individually for each app what character information it may see, or whether it may send mail to me, or read it.
You mean something similar to this?

I guess vl doesn't share our concerns.

Re: New Patch 1.6.1 for our MMORPG Ryzom

Posted: Mon Oct 19, 2009 11:30 am
by khyle
thlau wrote:
khyle wrote:A possible solution might be to have separate keys for separate applications, where an app first offers me its ID that I can enter into my profile page which in turn generates a key for that app only. In a perfect world I would even be able to select individually for each app what character information it may see, or whether it may send mail to me, or read it.
You mean something similar to this?

I guess vl doesn't share our concerns.
A lot of good and valid points raised there.

I think it wouldn't even be necessary for each app to be "registered" with ryzom.com -- I wouldn't want some kind of "officially sanctioned *pple store" either.

vl's response is rather discouraging indeed.

Re: New Patch 1.6.1 for our MMORPG Ryzom

Posted: Mon Oct 19, 2009 4:33 pm
by gcaldani
In my opinion, there is only one solution to the security holes:

ryzom.com must offer services to external applications, with a transaction service for the authentication of the user, so only official ryzom will receive the sensible data and just give the external application the required authorization to access its service.

Everything MUST be hosted in a secure server environment, similar to secure.ryzom.com (that cannot be directly used for this, so ryzom need a new server or change atys.ryzom.com as a secure server, installing a new certificate).

Personally i'm just using the banner service, but I will not use anything else in this insecure environment.

Actually, the problem is not losing the API key or having it hacked, because I don't care at all about people spying my characters, but sure I will NEVER enter my account password outside ryzom.com AND without any security encryption.

Be aware that, while a good game (and ryzom is) can be recovered with wise developing, a bad reputation related to security and user sensible data will be very hard to recover, so, please, be wise and think a bit more before opening the game to people outside the owning organization.

Said that, i like the idea of the API, i just didn't liked the actual approach.

Re: New Patch 1.6.1 for our MMORPG Ryzom

Posted: Mon Oct 19, 2009 4:59 pm
by ajsuk
Wouldn't it be wonderful if they just actually worked on the game? =)

Re: New Patch 1.6.1 for our MMORPG Ryzom

Posted: Tue Oct 20, 2009 9:14 am
by velogfx
give us more stuff :)

Re: New Patch 1.6.1 for our MMORPG Ryzom

Posted: Tue Oct 20, 2009 9:20 am
by acridiel
jwenting wrote:Would be nice to have new content indeed, and I don't mean more lvl250 content but content for lower levels as well.
Well, I guess the Devs act by the old saying: "Wonders will be delivered immediately, the impossible might just take a little longer." ;) :p

I mean, it isn´t like the patch before last did not implement new lvl 50 - 150 Missions, huh? No, that was just a fake, wasn´t it?

Seriously though, my guess is that they´re going one step at a time, like everybody else out there. And will deliver what´s ready and what´s done.

They´re trying to give something to everyone, once patch this will be lower players content, the next it will be for higher ones, the following it will be lowers again and so forth. If you mind this, well I´m sorry for you. But no amount of saying otherwise will hasten this process, or change it, mind you.

We can be glad that they ARE doing anything at all, in my book. So let´s just take our blessings and be done with it.

Though I agree in part with Ajusk *gasp* it would sure be nice to see more done, more quickly, I don´t think this is possible. The manpower just is too small.
If you think you can do better. Go for it. No-one will stop you.

But, remember that a not so small part of the community has been calling for just such things, like API keys, for some time and their´re providing what was wanted.

As to actually "working on the game", I´d say they did. The changes of the last few patches didn´t just appear by magic, y´know. But well, ranting is always easier than giving a little praise where its due. *shrug*

*thinks a bit*

Ah, hot damn! I´ve gone and exposed myself as "fanboi" again.
Gah, how could I even try and find something positive to say and much worse, oppose someones negative statement on a discussion-board. Those nice anonymous playgrounds, where throwing fits and s**t at each other rules the day. Hmhmmm, what cosy places these are.

But now, my mission is done!
Off to the Fan-Mobil!
*wraps cape around self in a flourish and takes off*

CU
Acridiel
"Is it a Nerd? Is it a Geek? No, it´s Fanboi!"

Re: New Patch 1.6.1 for our MMORPG Ryzom

Posted: Tue Oct 20, 2009 10:52 am
by murmadog
you havent enough areas to explore?.. i still have "white" areas in prime roots, forest and lake lands for explore in future... :p