Printer Friendly Error

[Thaumaturge]

If it's just reading magazine articles, who cares.

I strongly disagree with this sentiment, which has been voiced a couple of times on this thread. If I'm paying the roughly $15 a month for access to, among other things, Dragon and Dungeon articles, then I care a bunch if others can ride my coattails and freeload. On a larger scale, it is a disincentive for people to pay, since they could "get it for free". This then makes the DDI less likely to succeed, and we end up with no monthly D&D content.

I don't think this will be their authentication procedure once the payment starts, but I do, in fact, care if people are able to get the content freely.

I don't know how they'll stop "copy & pasters", though. I'll be interested in finding out.

Thaumaturge.

 

[Dragon Snack]

And I'm not sure if they're aware of the Printer Friedly error. That's one that has just come up recently, from what I read on Gleemax. (I did only skim the posts, so I can't say for certain.)

It's not new. As far as I know it's been the case ever since they started it up (definitely since November and I knew about it before then).

I've never been able to log in, but I've not only read articles there I've also posted links to the printer friendly versions.

 

[Jdvn1]

They're definitely aware of these things. In fact, I think I've seen WOTC staffers suggesting people use the "authenticate=true" thing when they have issues logging in.

If that's the case, then they probably want to keep this loophole until all the issues are resolved. Once you actually have to pay for the service, it'd be terrible if you had unresolved access issues.

 

[withak]

No, see my earlier posts in this thread.

Then what is left to discuss? This really is a non-issue.

This security "hole" has existed in D&DI for months now. Presumably, it's been left open to allow content access to those who have had problems logging in, myself included. Once D&DI subscriptions go live, it stands to reason that the powers that be will implement something a bit more robust.

 

[jester47]

blah.

 

[Delta]

Presumably, it's been left open to allow content access to those who have had problems logging in, myself included. Once D&DI subscriptions go live, it stands to reason that the powers that be will implement something a bit more robust.

WOTC has a pretty thick history now of really atrocious IT implementations. I wouldn't want to bet much on your hopefulness.

 

[withak]

WOTC has a pretty thick history now of really atrocious IT implementations. I wouldn't want to bet much on your hopefulness.

Oh, believe me, I expect nothing particularly good from D&DI/Gleemax as far as the IT implementation goes. However, there's a rather large gulf between "atrocious" and "criminally stupid". Allowing unfettered access to an arbitrary account by appending a "secret" parameter, while subscription dollars are on the line, would fall in the latter category.

Expecting or even worrying about this specific problem persisting into the production version of D&DI is, IMHO, just a tad silly.

 

[Knightfall]

Actually, it is ours. If you buy a subscription and someone can easily hitch a ride using your login, it becomes your problem.

QFT.

Right now, there doesn't seem to be much of an issue with the whole (&authentic=true) "backdoor", but it would be a problem once people start paying for DDI; especially if that backdoor gave the person using it access to all of DDI's content.

It wouldn't just be Dragon or Dungeon magazine articles, it would be all the features of DDI, IMO. Of course, it's like I said earlier, we will have to wait and see if the "authentication" process changes considerably for the subscription version of DDI.

 

[Mercule]

QFT.

I have some knowledge of programming and it seems like pretty "weak and poor" programming. And I tried the (&authentic=true) addition that you pointed out and it worked. It went from not logged in to logged in just like that. (Horrible!)


That's probably true but it's still a piss-poor design, IMO. i guess we'll have to wait and see.

As a developer for the same platform (ASP.NET) WotC is using, that security won't be hard to toggle. Doing it the way they did had to have been a conscious choice.

 

[drothgery]

As a developer for the same platform (ASP.NET) WotC is using, that security won't be hard to toggle. Doing it the way they did had to have been a conscious choice.

Ditto. Authentication in ASP.NET is pretty trivial exercise; it's hard to screw it up. The only possible gotcha is how to keep logins across a server farm and/or between ASP.NET applications, but there's a well-known solution for that.