• Facepunch for iOS - COMING SOON
    958 replies, posted
[QUOTE=Tangara;30119503]That's somewhat similar to my idea, but Hexxeh hasn't responded. There's a simple fix too.[/QUOTE] Simple Fix like what, Not give out any api keys ?
[QUOTE=ColdFusion;30119831]Simple Fix like what, Not give out any api keys ?[/QUOTE] the app goes through hexxeh's server
[QUOTE=Tangara;30119862]the app goes through hexxeh's server[/QUOTE] Is the API different ?
where's the ticker?
That's why API keys aren't freely available. Proxying it doesn't help, since the proxy could be patched out. I could possibly enforce the upgrade with all API keys, but I'd rather not. Everything hinges on the API key, and since I control who gets those, it's not a problem.
[QUOTE=Tangara;30119862]the app goes through hexxeh's server[/QUOTE] I smell a DNS/Account caching exploit. [editline]29th May 2011[/editline] Fucking ninja'd by the man himself.
With this amount of people looking to buy the app, and you taking 70% of the profits, this app will earn you and Garry around $854! Thats not to mention all the people who will buy it once they see how great it is. Not bad for school coursework.
Hexxeh, what happens if your server is down? I was going to buy the app but I'm not so sure I want to if I have to rely on your server being up as well as facepunch itself.
[QUOTE=Orinkota;30133731]Hexxeh, what happens if your server is down? I was going to buy the app but I'm not so sure I want to if I have to rely on your server being up as well as facepunch itself.[/QUOTE] if his server is down you'll get a connection error as it won't be able to check your account, so you can't purchase
I would say it would be nice if the app could cache if your account has access or not for like a few days, but I smell exploits.
How much will the app be?
[QUOTE=Dorkslayz;30138934]How much will the app be?[/QUOTE] Free But you have to pay $5 to upgrade your account for use on the app
[QUOTE=ManningQB18;30139797]Free But you have to pay $5 to upgrade your account for use on the app[/QUOTE] can you use your itunes account?
[QUOTE=Ac!dL3ak;30141711]can you use your itunes account?[/QUOTE] Yarp
Will there be any special features if you pay to upgrade other than be able access your account via the app?
[QUOTE=Forumaster;30138906]I would say it would be nice if the app could cache if your account has access or not for like a few days, but I smell exploits.[/QUOTE] Interesting idea, I could add login callback caching to the Facepunch API. If it becomes a problem I'll do that, but my servers are pretty damn reliable. My servers being down just means that we can't process new logins, existing sessions are fine.
Is there a system to send you Push Notifications when you receive a PM?
[QUOTE=Hexxeh;30148560]Interesting idea, I could add login callback caching to the Facepunch API. If it becomes a problem I'll do that, but my servers are pretty damn reliable. My servers being down just means that we can't process new logins, existing sessions are fine.[/QUOTE] But wouldn't it be possible for someone to manipulate the file or whatever to last forever (well that wouldn't be much of a problem) or to make it work for someone else's account?
[QUOTE=ManningQB18;30148880]Is there a system to send you Push Notifications when you receive a PM?[/QUOTE] Not yet. [QUOTE=Forumaster;30148995]But wouldn't it be possible for someone to manipulate the file or whatever to last forever (well that wouldn't be much of a problem) or to make it work for someone else's account?[/QUOTE] No, not unless they had access to the Facepunch server somehow...
Wait, how does the whole authentication thing go (if you don't mind me asking). Just guessing, I'd say something like: i. When someone upgrades, it notifies your server . 1. Someone signs into Facepunch App 2. App asks your server if the account is upgraded 3. Server says yes/no 4. App saves a cache file of upgrade status 5. FP server then allows app browsing access if the user has upgraded (app sends API key?).
When you buy the upgrade, Apple gives you a receipt. This is signed and you can't tamper with it. Your client then sends this to my server to show that you've bought the upgrade. My server then sends it to Apple to check you didn't tamper with it, and that it's a receipt for my upgrade. If that all checks out okay, your account is added to a list of upgraded accounts on my server and that receipt is stored and marked as used. When you login with the application, Facepunch server makes a request to my server to check if you're allowed to login. If my server says yes, the login request goes through and you have a new session. If it says no, you get an upgrade required message (see above).
Hmm, the only potential exploit I see in that is if someone were to somehow manipulate the session cache. I mean, will the FP server check to ensure that the session is valid and not tampered with?
Um, what are you talking about. There is no "session cache". Logging into the application is just like logging into the website, you get a session key that's valid for a limited amount of time but can be kept alive by making new requests. Same deal with the application, except when you login, we check you own the app...
I mean making the app think it's already logged in, so it doesn't bother doing an actual login with the FP server, and also extending that limited session so that it thinks it lasts forever. Would that work?
[QUOTE=Forumaster;30150870]I mean making the app think it's already logged in, so it doesn't bother doing an actual login with the FP server, and also extending that limited session so that it thinks it lasts forever. Would that work?[/QUOTE] No, because without a valid session the API won't let you do anything.
My load times on my Droid 2 are just as fast as the app, iphone is bad.
[QUOTE=DivusPennae;30151183]My load times on my Droid 2 are just as fast as the app, iphone is bad.[/QUOTE] That's nice. And?
[QUOTE=DivusPennae;30151183]My load times on my Droid 2 are just as fast as the app, iphone is bad.[/QUOTE] :downs:
[QUOTE=DivusPennae;30151183]My load times on my Droid 2 are just as fast as the app, iphone is bad.[/QUOTE] I forgot it has nothing to do with your network speed either :downs: And somehow I doubt that anyway.
[QUOTE=DivusPennae;30151183]My load times on my Droid 2 are just as fast as the app, iphone is bad.[/QUOTE] [img]http://www.facepunch.com/image.php?u=208394&dateline=1296791358[/img]
Sorry, you need to Log In to post a reply to this thread.