Do not share POESESSID values with other people
" Except that to make a guide someone actually needs to play the game and check if everything is working. There are many guides out there made by people who didnt even play said build and just PoB thinking it works. Same with updating said guides, people update guides from patch to patch without trying them out, they just tick few things in PoB and job done. |
|
" There are people who do it. I've seen Mathil use it, people on friendly discord channel also do it. |
|
" Thanks for the info, wasn't aware of that feature in PoB. |
|
" It takes too much time and compute power to brute force one session ID, so no hackers will ever try to do that. Despite what most people are saying here, 2FA would not protect you, simply because you need to first login (and so complete the 2FA) on GGG's website to then manually give the session ID to a 3rd party app. Meaning, at that point they could do anything they want with it, cause you basically authorized them to do so on behalf of you (bypassing 2FA basically). It's exactly like if you open up your bank account and give it to someone else and cross you finger that they won't simply just spend all of your money. GGG's solution of using OAuth is the way to go here for 3rd party tools, not 2FA, because you can customize the access you grant and revoke them easily, instead of blindly giving up your whole account. 2FA is only a end-user protection, but it doesn't apply to the 3rd party actors. |
|
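The contrast drawn in the post above between handing over a session ID and granting a scoped OAuth token, as an added example that is not part of the original thread and not GGG's code. It is a toy Python model; the class, the action names and the `stash:read` scope are all hypothetical.

```python
import secrets

class AuthServer:
    """Toy model (hypothetical, not GGG's implementation)."""
    def __init__(self):
        self.sessions = {}  # session ID -> account
        self.grants = {}    # OAuth token -> (account, allowed scopes)

    def login(self, account, password_ok, second_factor_ok):
        # 2FA is checked once, here, when the session is created.
        if not (password_ok and second_factor_ok):
            raise PermissionError("login failed")
        sid = secrets.token_hex(16)
        self.sessions[sid] = account
        return sid

    def authorize_app(self, sid, scopes):
        # The logged-in user grants a tool a token limited to `scopes`.
        token = secrets.token_hex(16)
        self.grants[token] = (self.sessions[sid], frozenset(scopes))
        return token

    def revoke_app(self, token):
        self.grants.pop(token, None)

    def reset_session(self, sid):
        self.sessions.pop(sid, None)

    def allowed(self, credential, action):
        # A session ID is a bearer credential: any holder acts as the user.
        if credential in self.sessions:
            return True
        grant = self.grants.get(credential)
        return grant is not None and action in grant[1]

def demo():
    srv = AuthServer()
    sid = srv.login("exile", password_ok=True, second_factor_ok=True)
    token = srv.authorize_app(sid, {"stash:read"})  # hypothetical scope
    out = {"sid_change_email": srv.allowed(sid, "account:change_email"),
           "token_read_stash": srv.allowed(token, "stash:read"),
           "token_change_email": srv.allowed(token, "account:change_email")}
    srv.revoke_app(token)  # cuts off one tool only
    out["token_after_revoke"] = srv.allowed(token, "stash:read")
    out["sid_after_revoke"] = srv.allowed(sid, "stash:read")
    srv.reset_session(sid)  # a shared session ID dies only on reset
    out["sid_after_reset"] = srv.allowed(sid, "stash:read")
    return out

print(demo())
```

In this model the session ID passes every check because the 2FA step already happened at login, while the token is limited to its scope and can be revoked without ending the user's own session.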
I read Poseidon... I'm like "THE GOD OF THE SEA!?" :O
|
" Not to add to much fuel to this dumpster fire, but just a few examples would be easily seen in ESO, and New World. If you think selling bots here in this game are bad/annoying, just imagine Buying bots in an auction house. Every item you want at a decent price INSTANTLY sniped. Every time you go to buy / sell something the same item is priced under/over your order INSTANTLY for +/- 1 chaos. The grass is always greener on the other side of the fence, and in this case a lot of people don't think about just how bad it could be. Yes there are benefits to an AH, but there SO many downsides as well. Again, you can see just these few examples in current AH games. Last edited by JediWabbit#3091 on Dec 14, 2022, 4:31:51 PM
|
Perhaps GGG should take more responsibility for their game and provide more tools for the community to use?
Not using 3rd party apps like PoB, Exilence Next et al renders the game nearly unusable. Shouldn't be the burden of the community to provide most of the functionality for the game. Sigh.
|
" This is a security abuse, to do that are other methods mentioned. " Maybe there is need of implementation of disconnecting from all machines. " There is nothing to do with that. There is a problem with authentication abuse of an application in forbidden way. " To do that are official methods, there is no need to use security risk method not allowed, and officially known as wrong. 🌞 Designer of SimpleFilter see My Item Filters 🌞 🌞 I treat PoE as an art 🌞 Last edited by koszmarnica#7777 on Dec 14, 2022, 6:49:12 PM
|
" Litteraly no one said that. I only know 2 tools that uses POESESSID : Chaos recipe enhancer, and 1 functionnality of PoB. U can play without Chaos recipe enhancer, it's not necessary (If u really want to use it, just get the filter and then reset the POESESSID), and on PoB it's a niche feature I think (I don't use it, I don't know if it's reallt that useful), but you can use PoB without using it, and so without providing the POESESSID |
|
What the hell kind of security review do your sites and services go through to allow such a useful value to be easily obtained in a few clicks?? As a software engineer I would never save a key like that on the client. If it HAS to be stored in the client, encode it as a JWT signed with a secret that only you have! This is web dev 101 folks.
Last edited by MastaSp3kta#4927 on Dec 15, 2022, 11:52:00 AM
|