00:10.56 | lhunath | there - GPL |
01:04.27 | *** join/#wowroster Robojerk (n=rraines@cpe-67-49-103-62.socal.res.rr.com) |
01:29.56 | lhunath | zanix: could you provide the logo md5 as an attibute to the logo tag in the settings xml? |
01:30.19 | lhunath | feels so silly to do an extra GETFILEMD5 for it |
01:30.24 | Zanix | id does huh? |
01:30.27 | Zanix | *it |
01:30.40 | Zanix | as always, ill add it if UU doesnt break |
01:34.00 | lhunath | :) |
01:45.07 | lhunath | only just now converting juu to use GETSETTINGSXML rather than GETSETTINGS |
01:45.12 | lhunath | naughty me |
01:51.32 | Zanix | lol |
06:30.55 | *** join/#wowroster Tupsi (n=lumpi@217.7.101.202) |
06:33.39 | *** join/#wowroster Kaos (n=Kaos@vir78-1-82-230-45-137.fbx.proxad.net) |
09:34.50 | *** join/#wowroster PleegWat (i=PleegWat@leegwater-68.demon.nl) |
09:34.50 | *** mode/#wowroster [+o PleegWat] by ChanServ |
12:11.54 | *** join/#wowroster Sylphid (n=Sylphid@staff-110.outfitters.com) |
12:14.10 | lhunath | pleegwat: why'd matt not agree with implementing https? I mean, sure, self-signed certs are not 100%, but at least the traffic is encrypted. |
12:39.51 | PleegWat | I think he didn't know how to |
12:40.29 | PleegWat | IMO it's definitely safer than sending the passwords or the password hash directly |
13:05.24 | PleegWat | Also, I have no idea how you'd properly support secure auth on the server side |
13:05.34 | PleegWat | apart from running the whole roster on an encrypted connection |
14:10.30 | *** join/#wowroster Sylphid (n=Sylphid@64.6.15.110.outfitters.com) |
14:22.16 | *** join/#wowroster [Beercow] (n=happysl@1304ds1-ksa.0.fullrate.dk) |
15:02.04 | lhunath | pleegwat: only encrypting access to update.php ought to be enough, no? |
15:03.07 | PleegWat | And any other file using login features |
15:03.19 | lhunath | in any case; I don't really care for the moment; but if wowroster ever implements the option of using https only, jUU will be made to support that soon after |
15:03.30 | PleegWat | Plus the login is stored in a cookie, which basically contains the password hash |
15:03.31 | lhunath | well, yes |
15:03.58 | PleegWat | I don't know, but I assume just putting roster in the secure dir would work |
15:04.00 | lhunath | theoretically one can assume that so long as the communication is secure, the data is secure |
15:04.14 | lhunath | should assume the client's pc is not being tampered with |
15:04.43 | lhunath | probably |
15:04.48 | PleegWat | if the client pc has been tampered with nothing's secure |
15:04.53 | lhunath | exactly |
15:05.00 | PleegWat | even a officiall-signed certificate isn't secure then |
15:05.08 | PleegWat | s/a/an/ |
15:05.52 | lhunath | my point precisely; so yeah, as long as the client pc is safe; assuring security of communication will keep guild data trustworthy |
15:07.17 | lhunath | I was quite taken aback with the fact that anyone can update anyone's roster info, if only by changing their char name in the lua file and uploading |
15:07.17 | lhunath | heh |
15:07.17 | PleegWat | There isn't much of an alternative |
15:07.23 | PleegWat | you'd need everyone to have a trusted account name. |
15:07.35 | PleegWat | Though I have at some point considered automatic user/pass creation |
15:07.50 | PleegWat | having pass=md5(charName.guildName) or the like |
15:08.08 | PleegWat | possibly a random string generated at install included in that |
15:10.09 | PleegWat | A such algorithm should be reproducable ingame, so you can reliably send your members their passwords using ingame mail. |
15:10.25 | PleegWat | Though I don't know if the wow mail data is encrypted on the net, and it's against the ToS to check |
15:14.37 | lhunath | can easily be done using an ace library |
15:14.49 | lhunath | that provides encrypted channels for guild communication |
15:14.55 | PleegWat | I'm no good at lua. |
15:15.02 | lhunath | me neither |
15:15.57 | PleegWat | I've just, at some point, considered automatic user/pass generation |
15:16.23 | *** join/#wowroster Sylphid|work (n=Sylphid@staff-110.outfitters.com) |
15:17.56 | lhunath | such as ssl's keypair system |
15:19.10 | PleegWat | I'd say ic, but I don't |
15:19.11 | PleegWat | how'd that work here |
15:20.06 | lhunath | oh; it |
15:20.26 | lhunath | it's a complicated mess of keypair encrypted messages exchanged |
15:21.05 | lhunath | keypairs are two keys, a private and a public key; a message can be encrypted by one, and decrypted by the other key |
15:21.26 | lhunath | server has one key, client has the other |
15:21.34 | PleegWat | i iknow that |
15:21.39 | PleegWat | but how'd it work for auth |
15:21.49 | PleegWat | hm nm |
15:21.53 | lhunath | well; server encrypts a message, say 'Hello' |
15:21.54 | PleegWat | but how to distribute the keyts |
15:22.09 | lhunath | sends it to the client, if client can decrypt it; it has the valid key and is authorized |
15:22.56 | lhunath | theoretically, every guild member would have a private key, and the server would have all the public keys |
15:23.49 | lhunath | or every guild has one private/public keypair |
15:23.49 | lhunath | and every guildmember installs the private key |
15:23.50 | PleegWat | You're missing a very important point here |
15:23.55 | PleegWat | noob-security. lazyman-security. |
15:24.10 | lhunath | yeah. Well. Need to keep the private key safe. |
15:24.20 | lhunath | It's only as safe as the private key is |
15:24.39 | lhunath | which is why private keys are usually encrypted with a password heh |
15:25.09 | lhunath | which brings passwords back in the loop; not for communication authentication but for access to the real private key |
15:25.24 | PleegWat | ... |
15:26.02 | PleegWat | The safest thing I've thought of so far is that the user creates the account, sends an ingame message to the webby, the webby then activates the account for guild-level access |
15:26.05 | lhunath | easy enough to distribute private keys through wow if one were to make a distribution addon |
15:26.44 | PleegWat | no it wouldn't be easy because the user needs to have the addon already (probably before being able to access UU) |
15:26.58 | lhunath | build it into characterprofiler |
15:27.01 | lhunath | heh |
15:27.20 | PleegWat | chicken/egg? |
15:27.31 | lhunath | I don't see why. |
15:27.50 | PleegWat | I think it's too complicated |
15:27.58 | lhunath | GM has his characterprofiler set up with the private key; any new member has his characterprofiler poll the GM for the key |
15:28.13 | lhunath | would all happen behind the scenes |
15:28.24 | lhunath | but yeah, it's just a scenario |
15:28.28 | PleegWat | and data encrypting would be done by CP? |
15:28.46 | PleegWat | I don't think it's capable of that. CP files are big. |
15:29.58 | lhunath | CP just needs to make a 'privatekey.lua' SV as well as a 'characterprofiler.lua' |
15:30.12 | lhunath | with the former containing the key that jUU/UU can use for authentication |
15:31.04 | lhunath | I wouldn't trust lua to do encryption of big files optimally |
15:31.22 | PleegWat | probably wow would kill the script for stalling |
15:31.28 | PleegWat | or smth like that |
15:31.30 | lhunath | yeah. |
15:31.53 | lhunath | but yeah, just brainstorming |
15:32.15 | PleegWat | You'd have to contact calvin about stuff like that, he's the CP author. |
15:32.29 | PleegWat | but AFAIK he doesn't use IRC, but the only way to reach him is the rpgo forums |
15:41.14 | *** join/#wowroster Tupsi (n=Miranda@p54B20647.dip0.t-ipconnect.de) |
15:45.53 | *** join/#wowroster Kieeps (i=a@c-f641e353.033-8-6b736412.cust.bredbandsbolaget.se) |
17:25.57 | *** join/#wowroster Kieeps (n=a@c-f641e353.033-8-6b736412.cust.bredbandsbolaget.se) |
18:25.37 | *** join/#wowroster Kaos (n=Kaos@vir78-1-82-230-45-137.fbx.proxad.net) |
18:43.16 | *** join/#wowroster Harshmage (i=harshmag@bwitherspoontest.gc.maricopa.edu) |
18:43.36 | Harshmage | Ooookay, this is it....who's going to BlizzCon? |
18:48.34 | PleegWat | Nope. Too expensive |
19:05.42 | *** join/#wowroster Sylphid|work (n=Sylphid@64.6.15.110.outfitters.com) |
19:18.50 | ds001 | fawk.. 100 bucks?! sheesh |
19:20.03 | ds001 | 100 bucks to get bombarded by blizzard ads and promotions.. hmm.. yeah.. I'll pass.. :P |
19:28.50 | PleegWat | Meh, if it was just those 100 bucks I'd probably go |
19:29.04 | PleegWat | but I'm not sure I want to know how much a plane ticket there from europe costs |
19:30.59 | PleegWat | and the hotel costs |
19:32.10 | *** join/#wowroster Kaos_ (n=Kaos@vir78-1-82-230-45-137.fbx.proxad.net) |
19:57.41 | Harshmage | Last time, I got the hotel for $74 a night...and it was a hotel right across the street, in a room that was normally (I looked up the price later) $500 a night |
20:00.51 | Harshmage | It was on the same block as Disneyland |
20:40.31 | *** join/#wowroster apt (i=ibot@pdpc/supporter/active/TimRiker/bot/apt) |
20:40.31 | *** topic/#wowroster is This room is for the support of WoWRoster.net only [R-v1.7.3,UU-v2.6.4,UA-v0.7.8] | The devs have lives, they're not monitoring 24/7 | Troubles registering/viewing our site? Check here-> http://www.wowroster.net/Forums/viewtopic/t=15.html |
21:11.05 | *** join/#wowroster Sylphid (n=Sylphid@mail.chaos-dragon.com) |
21:50.49 | *** join/#wowroster Anaxent (n=Anaxent@ip72-208-134-254.ph.ph.cox.net) |
21:50.49 | *** mode/#wowroster [+o Anaxent] by ChanServ |
21:54.48 | Anaxent | whats up guys |
21:57.12 | Harshmage | Filling out fresh job app and resume thingo... |
21:57.47 | Anaxent | ah cool |
21:58.02 | Anaxent | I went and looked for a new apartment today |
21:58.06 | Anaxent | right downtown |
21:58.38 | Anaxent | a good 2 blocks from my work |
21:59.04 | Anaxent | what kind of job are you looking for |
22:00.39 | Harshmage | We've got a bunch open over here...just looking to move up... |
22:01.24 | Anaxent | ah yeah I hear ya there |
22:01.49 | Anaxent | I think there is a new position opening up soon at my work im gonna apply to |
22:02.33 | Anaxent | im planning on working the managment scene then move my self into dev in a good 5yrs or so |
22:18.38 | Harshmage | ahh...yeah, this is a management job....course, it's the same job I've been doing... |
22:20.27 | Anaxent | lol it always works out that way but this time you get the tittle |
22:20.39 | Anaxent | title* |
22:20.53 | Anaxent | yeah thats basiclly what im after right now as well |
23:08.12 | *** join/#wowroster draztik (n=draztik@hijack.packetaddict.com) |
23:09.06 | draztik | hey, looking for the armoury sync code on wowroster.net, not having much luck. Any directions? |
23:10.00 | ds001 | http://www.wowroster.net/Forums/viewforum/f=103.html |
23:11.31 | draztik | yeah i read kristoffs post, pretty clear that i need to edit index.php just not sure with what |
23:15.59 | Harshmage | textpad |
23:16.09 | Harshmage | notepad |
23:16.12 | Harshmage | wordpad |
23:16.15 | Harshmage | *pad |
23:16.47 | draztik | ... |
23:17.06 | draztik | the code not the editor ;) |
23:17.57 | draztik | nm ill figure it |
23:20.12 | lhunath | *pad-- |
23:20.16 | lhunath | vim++ |
23:23.08 | draztik | im not talking about what tool i use to edit index.php. I was wondering what code I have to include to have the roster sync with armoury.. |
23:23.33 | draztik | did not see it included in the forum thread or am i missing something |
23:28.37 | lhunath | I am aware |
23:29.13 | lhunath | I am not aware of the solution to your problem, though :) |
23:29.18 | ds001 | you need to be logged in to the Site to see file downloads. |
23:37.10 | draztik | got it thx |