Printer Friendly Error
<blockquote data-quote="sunmaster" data-source="post: 4058242" data-attributes="member: 54722"><p>Okay,</p><p></p><p>I was the one who began this thread - there on the WotC forums - and I want to write my own 2 cents here:</p><p></p><p>I am also one of the many developers here on these forums. And therefore I know that this kind of "bug" is patched in no time. </p><p></p><p>BUT:</p><p>A) I always thought that the actual DDI - with the pages of Dragon and Dungeon - is a showcase of the coming - subscription based - DDI. In this case I would show my future customers that I take security very seriously. So no "&authentic=true"-Bug should slip through.</p><p></p><p>B) I see the thinking of "the security in my applications is enough, I don't have to make more for it" more or less every day in the field out there. This is just not true. You cannot do enough about security. </p><p>Really, I have the fear that the DDI developers just think: "Oh, let them access it with "&authentic=true" now. We just patch it before going production. Then all things will be okay. People will be happy." And then at the day when DDI goes really online - with all the subscription services - all hell breaks loose. </p><p></p><p>Do they really think that people will not give away their accounts to brothers, sisters and good friends?</p><p>Do they really think that no one will try to get the articles for which others paid for nothing?</p><p>Do they really think no one will try to access the accounts which will be at the back of the printed books?</p><p></p><p>To make it fair for the </p><p>authors - who are and will be making their money with the content in DDI - by not letting everyone access their texts, pictures etc.</p><p>and the customers - who will pay for the content and support the authors - by only letting them access the content, </p><p></p><p>you have to "test, validate, patch, test, validate ..." __today__ so that from the developers over the administrators to the customers, everyone will work on one line regarding the security after the "day one" of DDI.</p><p></p><p>WotC has a special kind of customers: These people love to read and learn. It should be very easy to teach them how to help the devs and admins of DDI so that the security breaches will be minimized. </p><p>Believe me, most security breaches have their source in uneducated guesses. </p><p>"Ohh, the laptop full of WotC customer data is secured by cryptography. I can take it with me to my home by bus. It is secure."</p><p>You have to take the customers in such an app as DDI on board regarding the security of the system. Because if Joe-Anne is just giving up to her 11 year old brother Chris, who whined so long until he got the account data from her, and the next day he gave the account to his best friend Marc in school - just to make a presence before him that he has the account - </p><p>then you make what you want but accounts will be misused.</p><p>But because Joe-Anne is an RPG freak - loving reading and learning - you can teach her __now__ how to use the accounts.</p><p>BUT to do THIS you have to implement the security now so that from the devs to the admins to the customers everyone can train.</p><p></p><p>But in the end it is the choice of WotC and their devs and admins what they want to do about their apps.</p><p>Not my company, not my app(-suite) ... <trollmode>I am just waiting on slashdot for the message that data of 1.5M customers of WotC are stolen</trollmode></p><p>If even the army is losing data then how come WotC is so sure about their security?</p><p></p><p>regards</p><p>sunmaster</p></blockquote><p></p>