Jump to content
Keileon

Adjust how hatcheries can use API

Recommended Posts

So a post TJ just made inspired me to suggest this.

 

14 hours ago, TJ09 said:

Making a news thread is easy enough that the time needed is irrelevant. That said, I have always maintained that Dragon Cave is not responsible for third-party sites and thus it doesn't make sense to treat happenings on those sites as official news.

 

If a site is doing abusive things (i.e. enabling people to add eggs without the owner's consent), that's grounds for revoking API access and potentially blocking links from that site.

Emphasis mine.

 

Now-- I don't know how POSSIBLE this is, but maybe the API can be adjusted to make it so that a hatchery can only add eggs if the user's scroll is set to accept aid? Currently that setting is more or less pointless, as from what I've observed there's a LOT of players who specifically need to put in their signatures not to add their eggs to hatcheries.

 

While it wouldn't eliminate viewbombing entirely, it should mitigate it quite a lot. If the user wants to add their eggs to a hatchery, they can just briefly set their account to accept aid.

 

Leaving the above for posterity's sake!

 

Better suggestions that came up:

 

* Require users to secure the scroll by logging in to DC via the hatchery (similar to DragHatch, EATW)

** Hatcheries in this case could set a cookie to allow the user to stay logged in, so they don't have to keep doing it

** Con: Extra work for hatchery owners, some may be left behind due to owner inactivity or site structure

 

* (Put forward by TJ) Allow the API login feature to see hidden scrolls

** Con: Doesn't actually address the issue of consent if the user's scroll isn't hidden

 

 

Things no current solution addresses:

 

* The ability to viewbomb an egg by its code

* Viewbomb attacks on entire hatcheries

Edited by Keileon

Share this post


Link to post

I feel like the only real way to prevent viewbombing is on the hatchery end. Hatcheries that require registration to use, and only allow you to register one scroll to yourself that you can add and manage would largely solve the issue. The only problem I see there would be people impersonating others.

Having to put my scroll on 'accept aid' every time I want to add things would drive me mad. Fog/unfog all seems more feasible to me.

Share this post


Link to post

I would not want to go to the effort of switching to accepting aid just to add my scroll to hatcheries and I definitely do not want to register my scroll for every hatchery either.

Share this post


Link to post

I don't think the "Accept Aid" option is necessarily appropriate here--adding eggs yourself doesn't imply that you "need aid" in raising them, you're just playing the game.

 

The idea I've tossed around is to make the API login feature able to load hidden accounts. Right now, the API has access to the same information people do, so if you hide your scroll hatcheries can't see anything about it. This is both good (others can't add your eggs somewhere) and bad (see above: you can't add your eggs).

Share this post


Link to post

I think that'd also be a good solution, though from what I understand not all hatcheries would have that safety measure?

Share this post


Link to post
Just now, Keileon said:

I think that'd also be a good solution, though from what I understand not all hatcheries would have that safety measure?

 

Hatcheries that don't support login wouldn't be able to access hidden accounts, no. But that doesn't really bother me, since I'm of the opinion that all hatcheries should use the login feature instead of having an unverified text box.

Share this post


Link to post

As far as I know, hiding your scroll wouldn't stop anyone who already knows your scroll name, if hidden accounts are able to be added. Scroll names are also displayed on trades regardless.

Share this post


Link to post

Ah, no, there's a difference between hiding your scroll and hiding your name on your dragons. Hiding your scroll means no one can find it, even if they have your username.

Share this post


Link to post
4 minutes ago, Keileon said:

Ah, no, there's a difference between hiding your scroll and hiding your name on your dragons. Hiding your scroll means no one can find it, even if they have your username.

I know that, but hiding the scroll is what I assumed he was referring to. I see many people with hidden names, and I doubt they'd do it if it meant they had to unhide their name every time they added themselves to a hatchery.

Share this post


Link to post
1 minute ago, Dragon_Arbock said:

I know that, but hiding the scroll is what I assumed he was referring to. I see many people with hidden names, and I doubt they'd do it if it meant they had to unhide their name every time they added themselves to a hatchery.

I think I might be tired, because I don't really understand what your point is. You can add your scroll to hatcheries with a hidden name-- that has nothing to do with the scroll being hidden. What TJ is referring to is making the API login able to locate a hidden scroll-- something only the owner of that scroll can do, at this point. The username has nothing to do with it?

 

I'm likely just grossly misunderstanding, sorry. It's late.

Share this post


Link to post
2 minutes ago, Keileon said:

I think I might be tired, because I don't really understand what your point is. You can add your scroll to hatcheries with a hidden name-- that has nothing to do with the scroll being hidden. What TJ is referring to is making the API login able to locate a hidden scroll-- something only the owner of that scroll can do, at this point. The username has nothing to do with it?

 

I'm likely just grossly misunderstanding, sorry. It's late.

 

I think I missed the 'only ones that support login' part. Though I'd have to ask how that works and how you stop someone from registering a scroll that isn't theirs before the user can.
Unless login means log into dragcave.net inside the hatchery website.

Share this post


Link to post

I'm thinking it'd be handled the same way EATW handled the trade hub-- it had you log into DC itself, not into the hatchery site.

Share this post


Link to post

The way DragHatch currently works is how I wish all hatcheries would work, and it would solve a lot of issues if they did. You 'secure' your scroll (I believe by logging into DC from DragHatch, I don't really remember), and then every time someone goes to add your scroll it shows as secure and asks you to log in. I know that would be a pain if every single hatchery required that, but I do think it would solve a lot of issues (although the problem then arises of no one being able to help your dragons if you *want* them to, like 'scroll sitters' and such). 

 

I do *not* want anything like the OP, where you have to change settings on DC every single time you want to add your dragons to a hatchery. That is wayyyy too much work and too complicated when all we actually need is more control over our own scroll. 

Share this post


Link to post

I've adjusted the OP to reflect the other ideas that came up!

Share this post


Link to post

To be honest, logging in every time I wanted to fiddle with the things on my scroll and enter them into a hatchery or adjust which things were ER or now would be an absolute pain. I tend to use AoND a lot to just check the stats of my eggs, see if something is worth incubating or not, or if it's close to ER when I think it should be. If I had to log in every single time I wanted to fiddle with my scroll I'd get annoyed pretty quickly. Having to log in is one of the main reasons I don't use DragHatch much, if ever. I used to use EATW somewhat frequently, but only when I was playing DC very lightly, and usage dropped off when I became more involved in the game. 

Share this post


Link to post
4 hours ago, Spitfyre said:

To be honest, logging in every time I wanted to fiddle with the things on my scroll and enter them into a hatchery or adjust which things were ER or now would be an absolute pain. I tend to use AoND a lot to just check the stats of my eggs, see if something is worth incubating or not, or if it's close to ER when I think it should be. If I had to log in every single time I wanted to fiddle with my scroll I'd get annoyed pretty quickly. Having to log in is one of the main reasons I don't use DragHatch much, if ever. I used to use EATW somewhat frequently, but only when I was playing DC very lightly, and usage dropped off when I became more involved in the game. 

That's where cookies/autofill come into play. I think? If the site generates cookies that let you stay logged in on that site.

DragHatch doesn't use any "login" feature, from what I see right now, it just requires the scroll name like any other hatchery...?

Edited by Orchi'dea

Share this post


Link to post
6 hours ago, TJ09 said:

I don't think the "Accept Aid" option is necessarily appropriate here--adding eggs yourself doesn't imply that you "need aid" in raising them, you're just playing the game.

 

The idea I've tossed around is to make the API login feature able to load hidden accounts. Right now, the API has access to the same information people do, so if you hide your scroll hatcheries can't see anything about it. This is both good (others can't add your eggs somewhere) and bad (see above: you can't add your eggs).

 

6 hours ago, TJ09 said:

 

Hatcheries that don't support login wouldn't be able to access hidden accounts, no. But that doesn't really bother me, since I'm of the opinion that all hatcheries should use the login feature instead of having an unverified text box.

 

If this worked in that way - yes. As long as you could CHOOSE whether to "secure your scroll" as daghatch does.

 

5 hours ago, HeatherMarie said:

The way DragHatch currently works is how I wish all hatcheries would work, and it would solve a lot of issues if they did. You 'secure' your scroll (I believe by logging into DC from DragHatch, I don't really remember), and then every time someone goes to add your scroll it shows as secure and asks you to log in. I know that would be a pain if every single hatchery required that, but I do think it would solve a lot of issues (although the problem then arises of no one being able to help your dragons if you *want* them to, like 'scroll sitters' and such). 

 

I do *not* want anything like the OP, where you have to change settings on DC every single time you want to add your dragons to a hatchery. That is wayyyy too much work and too complicated when all we actually need is more control over our own scroll. 

 

Yes that's exactly how it works if you choose to use it "securely"..

 

36 minutes ago, Orchi'dea said:

That's where cookies/autofill come into play. I think? If the site generates cookies that let you stay logged in on that site.

DragHatch doesn't use any "login" feature, from what I see right now, it just requires the scroll name like any other hatchery...?

 

Yes and no. At the top you can choose to "secure your scroll." If you don't, it works like all the others. If you DO, you have to log into your scroll to use it. And as far as I know, once you are "secure", while you can't ADD anything if your scroll is hidden, anything you have already put in here will continue to get views.

 

The only issue I have with all this is that anyone who knows the code of something you have on your scroll (as in someone who lost out on a trade) can add that code to a sig n a high traffic site and so on. And that DOES work even if your scroll is hidden.

Share this post


Link to post

Allowing a user who verified themselves to a given fansite as the owner of a scroll to access their HIDDEN scroll via DC login would just be awesome.

 

Generally requiring fansites to ask for such a verification is something I'd like as well. Unless someone is habitually clearing all cookies all of the time (or using only public computers), that shouldn't be such an issue either. Each fansite would set a cookie after DC login and thus allow you handling your growing things smoothly without you having to log in every single time.

Share this post


Link to post

This would definitely cut off easier ways to viewbomb, though possibly cause problems (hatchery developers needing to do significantly more work, and I think some are inactive, and it'd be slightly annoying to log in sometimes). On the other hand, given the fact that, as Fuzzbucket said, you can just post eggs on any other high traffic site or use ARing, this won't fix the whole issue like removing sickness or something would.

Share this post


Link to post
4 minutes ago, osmarks said:

hatchery developers needing to do significantly more work

I don't think it's that much additional work, after they already put up a database for all the entries, the refresher pages, the selection forms etc.

But I guess you could ask @evina how much it really is/was.

Share this post


Link to post
Just now, Ruby Eyes said:

I don't think it's that much additional work, after they already put up a database for all the entries, the refresher pages, the selection forms etc.

But I guess you could ask @evina how much it really is/was.

Already having done quite a bit of work doesn't really mean that there's no extra work. Since no hatchery appears to be open-source, it's kind of hard to actually check. To be fair, it would be a one-time thing, unless the API changes.

 

Looking at the API documentation, I guess how complex it would be to support depends a lot on how your hatchery is structured.

Share this post


Link to post
10 minutes ago, osmarks said:

doesn't really mean that there's no extra work

I didn't say NO extra work, I said NOT THAT MUCH.

Thank you for reading.

Share this post


Link to post
3 minutes ago, Ruby Eyes said:

I didn't say NO extra work, I said NOT THAT MUCH.

Thank you for reading.

Yes, I did read that. It's just that it's not going to be some fixed amount of work, and some hatcheries will probably be left behind.

Share this post


Link to post
6 hours ago, Fuzzbucket said:

Yes and no. At the top you can choose to "secure your scroll." If you don't, it works like all the others. If you DO, you have to log into your scroll to use it. And as far as I know, once you are "secure", while you can't ADD anything if your scroll is hidden, anything you have already put in here will continue to get views.

Oh. OH, I see it now that you mention it. It's so small and easy to ignore, especially when you're in a hurry to add stuff and run .w.

Share this post


Link to post

Wow, I had no idea it was possible with the current API to enable 'login to Dragon Cave' to use a hatchery. I had no idea there are already hatcheries that do this. 

 

And I have NO IDEA why this is not the standard and even mandatory! Wouldn't this literally solve all the viewbombing problems? And you can just stay logged in with cookies, just like you do on Dragon Cave. 

Share this post


Link to post


  • Recently Browsing   0 members

    • No registered users viewing this page.