#61
Posted 11 September 2013 - 12:49 PM
They got the keys to your life, but you got some kool stats pages.
War Eagle, I'm not suggesting that you're the kind of ********* that would actually do this sort of thing. But I'm also not saying you couldn't be.
If PGI endorses it then I'm all in.
Till then, it just looks kool.
Safely.
From this side of my firewall.
#62
Posted 11 September 2013 - 12:54 PM
PGI has no onus or responsibility in saving you from yourself and compensating you for your loss.
Sure, they are a decent bunch of Canucks, who will give you the shirt off their back to help a fellah out, but they don't have to.
#63
Posted 11 September 2013 - 04:33 PM
We went over all the worst possible scenarios. And they're all bad! They could sell all my mechs, spend all my GXP, blow all my MC, then drain my cbills by selling all my gear and buying it back and selling it again till I'm completely drained.
Imagine logging in and finding all your mechs gone. You'd still have your founder mechs, but they could all be completely stripped. What would you do with no cbills, no GXP, no MC, and no mechs. Drive trial mechs till you kill yourself most likely.
Could PGI undo it all? Probably. Would they? Probably not.
#64
Posted 11 September 2013 - 05:15 PM
This stuff.
#65
Posted 11 September 2013 - 06:02 PM
Such as I would want to know what distance I tend to engage with certain weapons so that I know whether I am engaging at the correct range.
Thanks
#66
Posted 11 September 2013 - 09:54 PM
Dazc, on 11 September 2013 - 06:02 PM, said:
Such as I would want to know what distance I tend to engage with certain weapons so that I know whether I am engaging at the correct range.
Thanks
No. Look at your stats data to see what data the app can scrape from the website. If it's not there (and it's not) then the app doesn't have access to the data.
@OP: app looks good, nicely done. I have one significant problem with your implementation: you ask users to store their username + password in clear text on the harddisk. This is very dangerous, and unnecessary. You obviously already know how to pass cookies around to emulate a web browser, and since the cookies are valid for a long time there's little need for keeping the username + password pair around.
If the cookie expires, ask for the username + password again.
Either that, or implement a secure method of storing the pair.
Tyr Gunn, on 11 September 2013 - 04:33 PM, said:
Actually, quite the opposite is true. It's in PGI's best interest to resist helping at all. Otherwise they'll be constantly harassed by scammers.
#67
Posted 11 September 2013 - 11:43 PM
focuspark, on 11 September 2013 - 09:54 PM, said:
Ya. That's what I said. They have no obligation to render assistance and undo the damage caused by someone giving away the credentials to their account.
Didn't I?
#68
Posted 12 September 2013 - 01:25 AM
I only have an old link available (posted on page two of this very same thread), but I'm sure, if requested, SWE will post the updated code as well.
http://pastebin.com/NzsCxT30
Of course there is no obligation for PGI/IGP to help you (but if you are lucky they will), if you do lose access to your account, because of some third-party tool like this, but SjurWarEagle can't be any more open on what that tool does with your data.
#69
Posted 12 September 2013 - 09:17 AM
The reality is that while SjurWarEagle might be a decent guy, the next guy might not be. And that next guy has an opportunity here because there is already a bridge of trust associated with this type of back door. Make no mistake; that's what you're providing WarEagle with, a back door to your account. Maybe he won't do anything villainous with it, but the possibility remains. The mere fact that he's made the tool open means anyone with the drive can turn it around for the purpose of evil by whipping up a better functioning or looking tool from its framework.
Again, it's not the creator or the tool I have any issue with. I just want everyone to think about the associated risks. Regarding PGI bailing you out if your account gets hijacked, there is a pretty small chance of that happening. If it happened to one or two, maybe. But dozens, maybe hundred or more? Fat chance. Especially if it was your own damn fault.
Read TOS, section 5, subsection 1. Articles 1 & 2:
Quote
1. Responsibility—you are solely responsible for
1. your Account and the maintenance, confidentiality and security of your Account and all passwords related to your Account, and
2. any and all activities that occur under your Account, including all activities of any persons who gain access to your Account with or without your permission
"Solely responsible" means you're totally boned if you give your password to someone and they hijack your account. You're more likely to get bailed out if all user accounts got hijacked.
Just sayin', play safe kids! Only you can prevent forest fires.
#71
Posted 12 September 2013 - 08:05 PM
I want to drop some lines on the security topic. As already written, I have no interest in your accounts and personally I have no advantage in this, my mechbays contain 13 mechs at elite level and about 17.000.000 c-bill, I bought Phoenix and I'm playing several times a week with friends.
But: Can I prove this and create a comfortable feeling on this topic for you? No.
This is the big disadvantage of the internet, there is so much fraud, it's important to be sceptical. As far as I know there is absolutely nothing I can do about this problem except doing good work and not abuse the little trust there might be.
I'm trying to provide more transparency by moving the project to an open source repository: https://sourceforge.net/projects/mechcollect/
You now are able to track every step in my development.
At the moment I'm not sure if I like this idea, it's not about the fact being some kind of transparent, it's the fact it now is more than a little hobby project. Mechcollect was created because I like statistics and wanted you to be a part of this love. I had several opensource projects wich all died the moment they got too much attention.
I love programming, but I must have the love to do this. Some time I don't have the fun in doing so. At the moment I'm painting my miniatures for a little upcoming dreadball competition with some friends, so I'm not improving mechcollect. Maybe tomorrow I'm doing nothing else but programming. This uncalculated behavior is my way of gooing on with my hobbies and I don't want to change it, just because I'm opening the development to the public - to you.
Please keep in mind, opening the source doesn't automatically provide security. I still could provide a binary containing {Scrap}, but as written, why should I do so. The repository at google contains all scripts for you being able to compile the code by yourself (there is a build.xml in the folder ant).
Feel free to comment.
And now the answers for the individual questions.
Jman5, on 11 September 2013 - 12:20 PM, said:
done, the label was correct, I didnt know it wouldn't change the link, too...
Now it's correct, thanks for pointing out.
Jman5, on 11 September 2013 - 05:15 PM, said:
at the moment this data isn't stored individually, but there is already a request of making it available in mechcollect.
Dazc, on 11 September 2013 - 06:02 PM, said:
As focuspark already wrote, no I cannot do this. But the damage/shot diagram is some indicator of how effective you are. If you are firing the weapons at extreme range, your damage/hit will be less than if you are in optimal range.
focuspark, on 11 September 2013 - 09:54 PM, said:
This is very dangerous, and unnecessary. You obviously already know how to pass cookies around to emulate a web browser, and since the cookies are valid for a long time there's little need for keeping the username + password pair around. If the cookie expires, ask for the username + password again. Either that, or implement a secure method of storing the pair.
I'll change the way the password is stored in one of the next versions, thanks for reminding me.
When doing this I'll experiment with your idea, this might work, but it only will be an additional way for authentication.
The problem is, if you are using 2 browsers, the session get's invalid. So if you are browsing the forum after refreshing, the session of mechcollect gets killed and it has to reauthentificate.
This would cause a pop-up for logging in very often. But yes, it's an idea worth thinking about.
Edited by SjurWarEagle, 12 September 2013 - 09:56 PM.
#72
Posted 13 September 2013 - 09:45 AM
SjurWarEagle, on 12 September 2013 - 08:05 PM, said:
When doing this I'll experiment with your idea, this might work, but it only will be an additional way for authentication.
The problem is, if you are using 2 browsers, the session get's invalid. So if you are browsing the forum after refreshing, the session of mechcollect gets killed and it has to reauthentificate.
This would cause a pop-up for logging in very often. But yes, it's an idea worth thinking about.
Completely understood, and I've actually been thinking about how to do this. The best option I've come up with (and some of my ideas have involved complicated keypair solutions) is to have the app keep the password in memory and the username + cookie on disk. So long as a valid cookie exists the app should use it, if there's no valid cookie the app should use the in-memory password if possible, otherwise the app will need to ask the end user for it.
The downside of this model is while surfing the forums, users could be logged out via the app. Having the ability to set the frequency and timing of the logons should help minimize this.
#73
Posted 13 September 2013 - 10:49 AM
The only difference would it, that it isn't stored on the disk.
#74
Posted 15 September 2013 - 11:03 AM
This version contains:
1.2
New:
* Battlelog - review your stats of fights long ago
* removed AMS from battle-statistics on right monitor and battelog
* password will be encrypted, if you want to change it, simply enter the new one into the password= line in the config.properties and start the application
Bugfixes:
* removed some bugs when starting with empty database
And here the teaser:
Edited by SjurWarEagle, 15 September 2013 - 11:08 AM.
#75
Posted 15 September 2013 - 06:57 PM
#76
Posted 16 September 2013 - 08:08 AM
#77
Posted 16 September 2013 - 09:48 AM
Did you get any messages in the dos-window, did you try to refresh manually?
Oh, or did you start the app after the game started? Then it doesn't get it when the game finishes.
Edited by SjurWarEagle, 16 September 2013 - 09:49 AM.
#78
Posted 17 September 2013 - 06:42 AM
SjurWarEagle, on 16 September 2013 - 09:48 AM, said:
Did you get any messages in the dos-window, did you try to refresh manually?
Oh, or did you start the app after the game started? Then it doesn't get it when the game finishes.
Oh, I think I figured it out. The battlelog is incorrectly putting the games out of order. I think it sometimes screws up AM and PM. Although most of my games are correct. I tried re-clicking the "order by timestamp" button but it does not fix things.
Edited by Jman5, 17 September 2013 - 07:18 AM.
#79
Posted 17 September 2013 - 08:48 AM
Every day a new interesting bug
#80
Posted 18 September 2013 - 09:40 AM
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users