These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Technology Lab

 
  • Topic is locked indefinitely.
 

Ingame trusted headers
Author
Previous Topic Next Topic
Risingson
#1 - 2011-10-28 12:27:18 UTC
Wanted to ask if it is safe to use ingame headers in trusted mode for character authentification. I dont know if this can be spoofed or else tbh? Appreciate some info there. ty
Vessper
Dark Mason Society
#2 - 2011-10-28 13:13:07 UTC
It's definitely not safe to rely on the headers for authentication. The headers can easily be spoofed - FireFox has an add-on that can do that very easily.
Steve Ronuken
Fuzzwork Enterprises
Vote Steve Ronuken for CSM
#3 - 2011-10-28 13:32:11 UTC
Tamperdata's a firefox plugin that can do it.

IGB headers are pretty much just there for information purposes. Depending on them for anything else is ill-advised.

Woo! CSM XI!

Fuzzwork Enterprises

Twitter: @fuzzysteve on Twitter
Dragonaire
Here there be Dragons
#4 - 2011-10-28 14:27:20 UTC
Just to add to the above trust isn't about your site trusting them but about the player trusting your site and you would be asking for trouble to believe anything they say Blink About the only thing to use the headers for is to prefill some form fields to make using them from the IGB easier.

Finds camping stations from the inside much easier. Designer of Yapeal for the Eve API. Check out the Yapeal PHP API Library thread.
Risingson
#5 - 2011-10-28 17:45:07 UTC
thank you very much for your answers