PROCUREMENT : The Ultimate Path Of Exile Companion Tool!

"

Yogabba wrote:

Omg I wouldn't touch this with a ten foot poll. I mean is anyone seriously going to type their password into a 3rd party program?

Well, not before making sure it doesn't go anywhere that you wouldn't want it to :)

http://i.imgur.com/Exnk181.jpg

(In case someone wonders, the second IP is a netDNA server (content delivery) accessed by http://webcdn.pathofexile.com/gen/image/ which is accessed by Procurement when downloading images on your computer).

IMO investigate, come with a proof then be negative about something... In the meantime, people are using this wonderful tool in a more or less restricted environment, depending on how much programming they know. I don't really know how to read advanced code, so I am using my trustworthy Russian friend Kaspersky, which I met in 2008 :)

"

kiorull wrote:

IMO investigate, come with a proof then be negative about something... In the meantime, people are using this wonderful tool

Bump

Bump

I think before you go about streamlining the update process, you should streamline the vetting process. Might add a couple days to the release schedule, but I think being able to point toward multiple coders who give the thumbs up for each release could alleviate the fear of a bit of password retrieval code getting slipped in once everybody becomes comfortable and content with the application's security.

"

gilrad wrote:

I think before you go about streamlining the update process, you should streamline the vetting process. Might add a couple days to the release schedule, but I think being able to point toward multiple coders who give the thumbs up for each release could alleviate the fear of a bit of password retrieval code getting slipped in once everybody becomes comfortable and content with the application's security.

Multiple coders have given it the thumbs up already.

At over 1000 downloads, there's a number of people that are interested in the new features, and have contacted us requesting them.

I'm talking about a streamlined vetting process for each update. Sure there are plenty of people who can confirm it's safe now, but if I were going to create such a program for illicit means, I would wait until everybody has accepted it to be safe, then silently roll an update that ships login information to an external server, silently update it again to cover my tracks, and benefit without anybody's knowledge.

Not saying you would do that. Just that, as long as there is a possibility that something like this could occur, it's too big a risk considering GGG'S policy on hacked accounts.

"

gilrad wrote:

I'm talking about a streamlined vetting process for each update. Sure there are plenty of people who can confirm it's safe now, but if I were going to create such a program for illicit means, I would wait until everybody has accepted it to be safe, then silently roll an update that ships login information to an external server, silently update it again to cover my tracks, and benefit without anybody's knowledge.

Not saying you would do that. Just that, as long as there is a possibility that something like this could occur, it's too big a risk considering GGG'S policy on hacked accounts.

What do you propose? Are you offering to review every release?

People are already looking at the code and confirming each release is safe, there are no automatic updates and the code is open so there's no way to "silently update it". There's not much more I can do from my standpoint.

Third party programs is how passwords gets stolen. Hidden in the "cool" tool you download

"

kiorull wrote:

IMO investigate, come with a proof then be negative about something... In the meantime, people are using this wonderful tool