Talk:IGB Documentation

From EVEDev

Jump to: navigation, search

The section that talks about the headers mentions that if $_SERVER[] is used, "it's near impossible to forge these results".

Since there's no authentication of any kind going on, it's trivial to forge the variables -- just make the request from a user agent you control completely (ie. PHP CURL) -- send the headers as if you are the eve client. If you do it right, an IGB-compatible server can't tell you apart from the real thing.

  • I would have to agree with you on that. I actually do forge the headers using Firefox (with the add-ons "User Agent Switcher" and "Modify Headers") as a quick means of testing my IGB code. It is entirely trivial and even the EVE Development Killboard doesn't know the difference. If you want security, you need to use more heavy duty authentication. 64.74.232.135 17:12, 14 May 2008 (CDT)

I've modified the article to reflect the fact that all of the data being presented is done so by the client and trivial to forge, it doesn't matter if you use $_SERVER or not.

Retrieved from "http://wiki.eve-id.net/Talk:IGB_Documentation"
Personal tools