These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
12Next page
 

EVE mail in your favorite e-mail client.
Author
Previous Topic Next Topic
Aphoxema G
Khushakor Clan
#1 - 2011-11-27 17:40:33 UTC
My friend stayed up all night to make a simple forwarding service that will convert EVEMail to POP3...

https://forums.eveonline.com/default.aspx?g=posts&t=38466&find=unread

What he needs most are a few people to put a little pressure on the service and see if we can find any problems. It works great so far and maintains formatting, it's so convenient to have EVEMails show up in my Gmail inbox with a convenient tag. He plans on improving the appearance and adding portraits from the sender.

He's not a big EVE player but he loves to program. A couple months ago he asked me what he should do, and I told him that he needs to make the next must-have tool like EVEMon and EFT. This isn't nearly as complex, but it's just as helpful.
Adunh Slavy
#2 - 2011-11-27 17:59:33 UTC
Pretty neat. I don't see why, since we have user names and passwords, CCP can't hook up a POP3 or IMAP4 interrface and use TLS or SSL.

Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.  - William Pitt
Buzzmong
Aliastra
Gallente Federation
#3 - 2011-11-27 18:11:25 UTC
Adunh Slavy wrote:
Pretty neat. I don't see why, since we have user names and passwords, CCP can't hook up a POP3 or IMAP4 interrface and use TLS or SSL.


Well. They could probably tie it into EVE-Gate.

Don't see why they'd bother though, it's not hard to log in and check mail that now these forums are part of Eve-G. It's not like you actually have to go ingame anymore.
Florestan Bronstein
Ministry of War
Amarr Empire
#4 - 2011-11-27 18:20:02 UTC
Cyna gets all his clients' evemails and has the audacity to ask for donations on top of that... Roll
Aphoxema G
Khushakor Clan
#5 - 2011-11-27 19:05:01 UTC
Florestan Bronstein wrote:
Cyna gets all his clients' evemails and has the audacity to ask for donations on top of that... Roll


There is a definite security risk, but this kind of thing by necessity is removing some kind of protection. He doesn't really play EVE and I know he has a good sense of ethics, so you'll just have to take our word that it's safe, like you do with EVEBoard, EVEMon, EFT and anything else that will accept your API key.

I know donations might seem like a lot to ask, but he's between jobs right now and 15 a month for EVE just to play with programming on top of hosting his own server with a business line can be a bit of pressure. I mean, he'll have that server and business line regardless but hosting anything does have an impact on that.
Morganta
The Greater Goon
#6 - 2011-11-27 20:21:10 UTC  |  Edited by: Morganta
sorry, but giving a 3rd party PASSWORD LEVEL ACCESS to your account is foolish, and this service should be banned as a major security risk and or possible scam.

unless someone can enlighten me on how it isn't


actually this might even violate the EULA in terms of account sharing

and not to be a total dickhead here, what if he simply sold the script so people can add it to their own mail servers?
that would be less risky

and another thought is eventually if the service got big enough you would get banned for hitting the API too much from the same IP address
Nemesis Factor
Deep Core Mining Inc.
Caldari State
#7 - 2011-11-27 20:26:09 UTC
I didn't check the link, but if he needs usernames and passwords, he's definitely doing it wrong. You can get evemail via API. Of course you couldn't mark it read or anything in eve by using that method, but this way we would be able to create a special API with nothing but evemail access and give him that.

CCP themselves say never give out your username or password to anybody.
Morganta
The Greater Goon
#8 - 2011-11-27 20:29:16 UTC
Nemesis Factor wrote:
I didn't check the link, but if he needs usernames and passwords, he's definitely doing it wrong. You can get evemail via API. Of course you couldn't mark it read or anything in eve by using that method, but this way we would be able to create a special API with nothing but evemail access and give him that.

CCP themselves say never give out your username or password to anybody.


it is the API, but you are giving the key with the id and pass encoded into it. no they cant raid your corp hangar or empty your wallet. but it does give them the ability to misuse the data, parse it, store it, sell it as intel, sell your API email fetch key to the highest bidder.

never give a key with password level access to anyone imo
Cipher Jones
The Thomas Edwards Taco Tuesday All Stars
#9 - 2011-11-27 20:32:52 UTC
Quote:
...so you'll just have to take our word that it's safe,


That's pretty fuckin' insulting TBH.

Its equally as safe to have unprotected sex with a Tijuana prostitute.

internet spaceships

are serious business sir.

and don't forget it
Aphoxema G
Khushakor Clan
#10 - 2011-11-27 21:31:31 UTC
Morganta wrote:
sorry, but giving a 3rd party PASSWORD LEVEL ACCESS to your account is foolish, and this service should be banned as a major security risk and or possible scam.


Nemesis Factor wrote:
I didn't check the link, but if he needs usernames and passwords, he's definitely doing it wrong. You can get evemail via API. Of course you couldn't mark it read or anything in eve by using that method, but this way we would be able to create a special API with nothing but evemail access and give him that.

CCP themselves say never give out your username or password to anybody.


The service only uses your API information like any other legitimate program.

What the service cleverly does is use your CAK ID and vKey as the username and password as the POP3 account, this allows it to use POP3 connections without keeping an account on the POP3 server.

Morganta wrote:
it is the API, but you are giving the key with the id and pass encoded into it. no they cant raid your corp hangar or empty your wallet. but it does give them the ability to misuse the data, parse it, store it, sell it as intel, sell your API email fetch key to the highest bidder.


You are absolutely correct, this could be abused. This is a good service for people like me who don't handle sensitive information and just use EVEMail to talk to other people in game sometimes. It's also because that I'm not important that I'm willing to hand my API information to EVEBoard, EFT, Battleclinic and EVEMon.


Cipher Jones wrote:
Quote:
...so you'll just have to take our word that it's safe,


That's pretty fuckin' insulting TBH.

Its equally as safe to have unprotected sex with a Tijuana prostitute.



Just because you're offended doesn't mean that you're right.
Cipher Jones
The Thomas Edwards Taco Tuesday All Stars
#11 - 2011-11-27 23:32:46 UTC
Quote:
ust because you're offended doesn't mean that you're right.


You assume insults offend me.

Fact: It is safer to not trust your account information with third parties than it is to share the information.

Debate it all you want. If its not obvious to you I can't make it so.



internet spaceships

are serious business sir.

and don't forget it
Liam Mirren
#12 - 2011-11-27 23:35:34 UTC
evewho wasn't enough, now they're also angling to read your mails.

No thanks.

Excellence is not a skill, it's an attitude.
rofflesausage
State War Academy
Caldari State
#13 - 2011-11-27 23:35:42 UTC
Cipher Jones wrote:
Quote:
...so you'll just have to take our word that it's safe,


That's pretty fuckin' insulting TBH.



OP effectively said : "Hey guys, here is a new cool thing we made. There are security issues of course, so you'll have to trust us or not use the service"

You're insulted by someone offering this....and being honest about associated issues?

Nothing more than 2/10. You need to be more subtle.
Cipher Jones
The Thomas Edwards Taco Tuesday All Stars
#14 - 2011-11-27 23:41:41 UTC
Quote:
: "Hey guys, here is a new cool thing we made. There are security issues of course, so you'll have to trust us or not use the service"


Considering that there is a sticky thread on the front page of the forums specifically stating not to do so, you should re-evaluate who is trolling whom. Because if they are not trolling, they are insulting everyone's intelligence.

internet spaceships

are serious business sir.

and don't forget it
rofflesausage
State War Academy
Caldari State
#15 - 2011-11-27 23:49:35 UTC
Cipher Jones wrote:
Quote:
: "Hey guys, here is a new cool thing we made. There are security issues of course, so you'll have to trust us or not use the service"


Considering that there is a sticky thread on the front page of the forums specifically stating not to do so, you should re-evaluate who is trolling whom. Because if they are not trolling, they are insulting everyone's intelligence.


If there is a sticky from CCP saying that people shouldn't give out their API info to 3rd party websites, I can't find it. A lot of well respected 3rd party websites use the API without source code being available and if CCP are claiming not to use these, I'll be surprised.

In fact CCP seems pretty clear from the API page that you can give the info to who ever you want, but you live with the consequences if it's intel is used against you.

Got a link?
Abdiel Kavash
Deep Core Mining Inc.
Caldari State
#16 - 2011-11-27 23:59:11 UTC
Haha I don't know who's a worse troll, the completely unknown person asking for access to people's EVEmails, or the guy saying giving out your API somehow gives you the EVE account password.

*grabs popcorn*
rofflesausage
State War Academy
Caldari State
#17 - 2011-11-28 00:09:48 UTC
Abdiel Kavash wrote:
Haha I don't know who's a worse troll, the completely unknown person asking for access to people's EVEmails, or the guy saying giving out your API somehow gives you the EVE account password.


But...but...The API is scary...It has loads of documentation, contains 3 capital letters that stand for something and is used by those mythical beasts known as 'programmers'. SO THEREFORE PEOPLE CAN ACCESS YOUR ACCOUNT WITH IT.

It's not like there is documentation out there or anything....
Ai Shun
#18 - 2011-11-28 00:25:21 UTC  |  Edited by: Ai Shun
rofflesausage wrote:
It's not like there is documentation out there or anything....


And here is the information you would be making accessible to this person in exchange for the ability to fetch your EVEMail with POP3.


  • Character sheet
  • Skill queue
  • Factional Warfare Statistics
  • Standings
  • A full list of everything you own
  • The status of your account(Disabled, paid for, when it's paid until)
  • Your wallet journal and transaction list
  • All your mails and the content of them
  • Your contact list
  • Corporation data which you have access to through your roles


While I like the concept, I'm not willing to trust somebody who's idea of information security is "Trust me because I say so". Yes, there are other applications that require API keys. Those applications have a long history in EVE and they built up a reputation to trust. You don't get people to trust you by saying "It's safe, we won't be assholes"
Aphoxema G
Khushakor Clan
#19 - 2011-11-28 02:24:51 UTC
Ai Shun wrote:
rofflesausage wrote:
It's not like there is documentation out there or anything....


And here is the information you would be making accessible to this person in exchange for the ability to fetch your EVEMail with POP3.


  • Character sheet
  • Skill queue
  • Factional Warfare Statistics
  • Standings
  • A full list of everything you own
  • The status of your account(Disabled, paid for, when it's paid until)
  • Your wallet journal and transaction list
  • All your mails and the content of them
  • Your contact list
  • Corporation data which you have access to through your roles


While I like the concept, I'm not willing to trust somebody who's idea of information security is "Trust me because I say so". Yes, there are other applications that require API keys. Those applications have a long history in EVE and they built up a reputation to trust. You don't get people to trust you by saying "It's safe, we won't be assholes"


And this is evidence that people don't understand the API. The requirements for the CAK to work with the service is to only allow mails to be read.

Here's a list of things that EVEBoard, EVEMon and EFT will have access to if you generate an unrestricted access key...


  • Character sheet
  • Skill queue
  • Factional Warfare Statistics
  • Standings
  • A full list of everything you own
  • The status of your account(Disabled, paid for, when it's paid until)
  • Your wallet journal and transaction list
  • All your mails and the content of them
  • Your contact list
  • Corporation data which you have access to through your roles


That is not to say Cyna deserves the same level of trust that these other utilities have earned, merely that these are risks people routinely take without much thought.

Please take care not to misinform the public due to your own ignorance.

Cipher Jones wrote:
You assume insults offend me.

Fact: It is safer to not trust your account information with third parties than it is to share the information.

Debate it all you want. If its not obvious to you I can't make it so.


Regardless, I think it's an unnecessary and libelous to compare what Cyna offers to unprotected sex with a Tijuana prostitute.
Morganta
The Greater Goon
#20 - 2011-11-28 02:39:14 UTC  |  Edited by: Morganta
Abdiel Kavash wrote:
Haha I don't know who's a worse troll, the completely unknown person asking for access to people's EVEmails, or the guy saying giving out your API somehow gives you the EVE account password.

*grabs popcorn*


nobody said that
password level access: IE access to data that typically requires the use of a password to access

nobody said it places you account in any danger
it does however give a 3rd party access to data that requires a password to see
this is typically regarded as sensitive data by most sane people.

as I stated earlier the API key you generate is safe to give out to whoever, but there's some things you shouldn't give out
like access to your ingame email, the ability for someone to read or sell that data.

if you seriously think this is a good idea you got a screw loose

and APIs are not scary, I work with them quite a bit.
they do what they are supposed to do, but sadly they can't think for you
12Next page