Well this post is directed towards the BYOND Feature request found here.
I'd like to express my opinions on why such a feature should be implemented into BYOND.
Reason 1: This is extremely helpful to those running BYOND-related services (e.g. ATP Host, BYOND Mail (if it was ever re-created), any sort of BYOND utilities website) as it just makes logging into their BYOND key a lot more secure, and a lot easier to implement than DMCGI (I hope).
Reason 2: Divine Traveller has mentioned how he is working on a game where all the character's information is dealt with via MySQL. It'd be great if a game like his or SuperAntx's Decadence could manage logins to their site using BYOND's own secure Authentication API.
Well, that's all the reasons I have, but I'm sure there are many more, so just leave a comment if you can think of more benefits of such a system.
-- Qubic
ID:100744
Aug 22 2010, 3:18 pm (Edited on Aug 22 2010, 3:44 pm)
Poll: Do you think BYOND should implement an Authentication API?
Except DMCGI is effectively dead and totally unsupported.
I understand the staff is busy, but simple features like this are precisely why they need to accept help from those of us willing to give it.
Implementing a login system is beyond the scope of accepting outside help anyway--it touches on too many security issues. Giving people more information about how to use the DMCGI login would be pretty useful though.
Giving people more information about how to use the DMCGI login would be pretty useful though. Asking people to rely on a technology that isn't supported is not useful, never mind that said tech is finicky both to get working and to stay working. You already have the DMCGI login system which passes through BYOND and then gives a token back to the third party app. What will it take to modify this to work with PHP? Similar to what Nadrew has done with DMCGI/PHP working on his own servers, by setting some sort of cookie, except without needing DMCGI at all. What about CAS? What about OpenID/OAuth? Whether or not 'outside help' is acceptable in -this- case is irrelevant. In all the time since this feature has been requested, there are features that have been added that would've been 'acceptable' for 'outside help' to work on, while the 'inside workers' could have done this (or other sensitive features). How long did the yay/nay feature take to fully implement - you know, the one that you get complaints about all the time because it's abused constantly? The longer it takes for you guys to bring more people to help, the harder it's going to be for all involved. You have a community of people willing to aid you, and you completely deny them. It's absurd.
Airjoe wrote:
Giving people more information about how to use the DMCGI login would be pretty useful though. Since when? I've had the same DMCGI system working for like seven years, never once had it stop working. It was pretty damn simple to get set up too, anyone with beginner's knowledge of Linux can do it with ease. I've also never had one of the places I've gotten DMCGI working have it stop working 'just because'. I don't see where you're getting that it's finicky, it's worked pretty solid for me for a long time.
If you're talking about contributing without open source (because that discussion is firmly closed), that's one thing, but keep in mind it is not trivial to give people access to the source and in many cases even after we've done so the people involved have dropped out unexpectedly. Reliability has been a constant problem for us, even when people say they really want to help.
I don't know what it would take to implement logins via PHP. As far as Nadrew's system, you'd have to ask him about that. As I mentioned on the feature thread, I know nothing at all about CAS. OpenID is something we looked into a little and it seems to be something vaguely implementable in the future, and something along those lines is definitely on our list.
Airjoe wrote:
You have a community of people willing to aid you I don't doubt the willing part, but what's worth wanting to do something without being capable of doing it? And if you're talking about the BYOND community in the same sentence as capable professional software engineering, I'm no longer sure that we're talking about the same community. As for the feature itself, I support it as I think it would have various legal uses, but it's one of these tricky points that is easily underestimated. You have to take into account what sort of people you're targeting with BYOND. There are enough members of this community that are astonished that BYOND isn't working, despite a critical error message during installation (an actual example from BYOND Help). I'm afraid to think what the 'black sheep' in this community would do with such a feature becoming more frequently used. I'm willing to bet you that the phishing attempts would generate a flood of angry support tickets.
What if there was a file created with the hash's creation on BYOND's server containing the key of the person the hash belonged to, and there was a PHP file to check if the hash exists in file form, and return the key if there was? With a cron job, or whatever, to clean out the unused hashes. (Not sure how cron jobs work, just throwing things out there.)
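The file-per-hash scheme suggested in the comment above, sketched as an added example that is not part of the thread or of BYOND's code. It is written in Python rather than PHP, and the store directory, the 120-second lifetime and all function names are assumptions.

```python
import hashlib
import os
import secrets
import time

TOKEN_TTL = 120  # seconds a login token stays redeemable (assumed value)

def _path(store, token):
    # The file name is SHA-256(token): listing the directory reveals nothing
    # redeemable, and attacker-supplied input can never become a path.
    return os.path.join(store, hashlib.sha256(token.encode()).hexdigest())

def issue_token(store, byond_key):
    """Called after the user has authenticated; returns the token to hand back."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    fd = os.open(_path(store, token), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(byond_key)
    return token

def redeem_token(store, token, now=None):
    """Third-party site asks: whose token is this? Answers once, then never again."""
    now = time.time() if now is None else now
    claimed = _path(store, token) + ".claimed." + secrets.token_hex(8)
    try:
        os.rename(_path(store, token), claimed)  # atomic: one caller wins a replay race
    except FileNotFoundError:
        return None  # unknown, already used, or purged
    try:
        if now - os.path.getmtime(claimed) > TOKEN_TTL:
            return None  # expired before the cleanup job got to it
        with open(claimed) as f:
            return f.read()
    finally:
        os.unlink(claimed)

def purge_expired(store, now=None):
    """Body of the cron job: delete tokens nobody redeemed in time."""
    now = time.time() if now is None else now
    removed = 0
    for name in os.listdir(store):
        path = os.path.join(store, name)
        try:
            if now - os.path.getmtime(path) > TOKEN_TTL:
                os.unlink(path)
                removed += 1
        except FileNotFoundError:
            pass  # redeemed or purged concurrently
    return removed
```

The expiry check inside `redeem_token` matters because the cleanup job only runs periodically; without it a stale token stays valid until the next run.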
I think it would be nice in the future, but I don't see them taking the time to do it anytime soon.