Talk:Apocrypha IGB Documentation

From EVEDev

The section that talks about the headers mentions that if $_SERVER[] is used, "it's near impossible to forge these results".

Since there's no authentication of any kind going on, it's trivial to forge the variables -- just make the request from a user agent you control completely (ie. PHP CURL) -- send the headers as if you are the eve client. If you do it right, an IGB-compatible server can't tell you apart from the real thing.

• I would have to agree with you on that. I actually do forge the headers using Firefox (with the add-ons "User Agent Switcher" and "Modify Headers") as a quick means of testing my IGB code. It is entirely trivial and even the EVE Development Killboard doesn't know the difference. If you want security, you need to use more heavy duty authentication. 64.74.232.135 17:12, 14 May 2008 (CDT)

I've modified the article to reflect the fact that all of the data being presented is done so by the client and trivial to forge, it doesn't matter if you use $_SERVER or not.

[edit] Character TypeIDs

I've found that TypeID 1 doesn't work for linking showinfo: to players. I have discovered however that it doesn't matter what typeID you use, so long as it's a player typeid, it seems any of the race ones work for any players of all races. If someone could confirm my findings? 99.247.117.187 19:37, 27 April 2009 (UTC)