Lt. Commander
Join Date: Jul 2012
Posts: 155
# 41
12-11-2012, 08:26 PM
Hmm ... yes, editing the character@user in the URL will show you someone else's things. I don't care if you see mine, but unless that is intentional, it is bad design. Not so bad here, but Citibank did it with CC numbers ... just change it in the URL and bam, access to someone else's account.

This will be a critical failure if this allows access to doffs and banks and mail ...

Security first, then you wont have to patch huge holes later, instead you will start with a solid wall.
Former PWE Community Team Lead
Join Date: Jun 2012
Posts: 9,046
# 42
12-11-2012, 08:34 PM
Quote:
Originally Posted by chivalrybean View Post
Hmm ... yes, editing the character@user in the URL will show you someone else's things. I don't care if you see mine, but unless that is intentional, it is bad design. Not so bad here, but Citibank did it with CC numbers ... just change it in the URL and bam, access to someone else's account.

This will be a critical failure if this allows access to doffs and banks and mail ...

Security first, then you wont have to patch huge holes later, instead you will start with a solid wall.
Being able to view other player's characters and BOFFs is akin to the original Captain's database -- please note that although you can see your Energy Credit and Dilithium totals, others can not while looking at your character.

Cheers,

Brandon =/\=
Brandon "BranFlakes" Felczer | Former Community Team Lead for Perfect World Entertainment
Starfleet Veteran
Join Date: Jun 2012
Posts: 42
# 43
12-11-2012, 08:59 PM
Quote:
Originally Posted by pwebranflakes View Post
Being able to view other player's characters and BOFFs is akin to the original Captain's database -- please note that although you can see your Energy Credit and Dilithium totals, others can not while looking at your character.

Cheers,

Brandon =/\=
The best thing here would be to give players the option of what they want to share kind of like Facebook does... if you want to share just your pic and bio, or is you want to share more like you equipment you can, or if you want to share nothing. Just a little check mark by each heading to allow it to be shared would work... if that's even possible it would be awesome.
"With the first link, the chain is forged. The first speech censored, the first thought forbidden, the first freedom denied, chains us all irrevocably." Jean-Luc Picard
Ensign
Join Date: Jun 2012
Posts: 9
# 44
12-11-2012, 09:09 PM
One of my VADM toons has the maximum number of BOFFs allowed via level + purchased slots from the C-Store. The Gateway is only showing the first 48.
Captain
Join Date: Jun 2012
Posts: 779
# 45
12-11-2012, 11:39 PM
Quote:
Originally Posted by chivalrybean View Post
Hmm ... yes, editing the character@user in the URL will show you someone else's things. I don't care if you see mine, but unless that is intentional, it is bad design. Not so bad here, but Citibank did it with CC numbers ... just change it in the URL and bam, access to someone else's account.

This will be a critical failure if this allows access to doffs and banks and mail ...

Security first, then you wont have to patch huge holes later, instead you will start with a solid wall.
You'll also note that if viewing one of your own characters, it says 'Welcome back <name>', whereas if you're looking at someone else's character, it says 'Personnel file for <name>', so Gateway knows that you're not looking at your own characters.

I'm quite happy we can see other people's characters, if I can't share links to my profile, or look at others, I would find it kind of pointless. I wouldn't mind if we could see skills and stuff too, like WoW's Armory, where you can see talents, and if you are the owner of the character, you have greater access, like handling auctions.
Ainu - Join Date: Aug 2008
Foundry Missions: 1) The Source of Power (ST-HSWUBD5TQ) [Federation] 16+
-----=====*****<[ Fleet Recruitment Thread ]>*****=====-----
Commander
Join Date: Jul 2012
Posts: 363
# 46
12-12-2012, 06:55 PM
Quote:
Originally Posted by pwebranflakes View Post
Being able to view other player's characters and BOFFs is akin to the original Captain's database -- please note that although you can see your Energy Credit and Dilithium totals, others can not while looking at your character.

Cheers,

Brandon =/\=
Hey how about we not allow the viewing of other people's set ups, and specific strategies being used against one other team in team pvp matches.

Kind of lame to be honest.. There's the whole intrigue of keeping a build and strategy to yourself when pvping..

I think this shouldn't even be allowed, in fact I think this is just a tough sell for you guys to even call it a feature at this point.

What I spent my money on, shouldn't be available for others to view.. It's personal..
Former PWE Community Team Lead
Join Date: Jun 2012
Posts: 9,046
# 47
12-12-2012, 07:24 PM
Hi Captains,

Thanks for the continued feedback -- we're monitoring this thread and this one for feedback, and this thread for bugs.

Based on feedback, we plan on providing a way to allow you to "hide" your characters' profiles so they won't be seen by others, if you so choose. Please watch patch notes for this update.

Cheers,

Brandon =/\=
Brandon "BranFlakes" Felczer | Former Community Team Lead for Perfect World Entertainment
Captain
Join Date: Jun 2012
Posts: 3,282
# 48
12-12-2012, 07:33 PM
I'm sure I'd love it if I could actually access it. When I try to load it, it goes "Accessing Secure Personnel Files; Please Wait..." and stays like that until I give up and close the window.
"It's not safe out here. It's wondrous, with treasures to satiate desires both subtle and gross. But it's not for the timid."
-- Q
Starfleet Veteran
Join Date: Jul 2012
Posts: 23
# 49
12-12-2012, 08:00 PM
with me it shows a deleted toon too..
Buoyancy
That fine line between ship or submarine
Empire Veteran
Join Date: Jun 2012
Posts: 63
# 50
12-12-2012, 08:23 PM
Mail function please It's looking good otherwise
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -7. The time now is 11:35 PM.