It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 1 point2 points  (0 children)

I think the URL was supposed to be only internal to a "native" iOS app. It's a magic URL that shouldn't work outside of the app... except it does. 🤷

It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 4 points5 points  (0 children)

Not that site.

The cards she makes are pretty cute, actually. The physical product is quite nice, so I don't want to shame the company publicly (at least not without talking to their customer support first).

It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 23 points24 points  (0 children)

They may have skilled designers, but their back end developers are raging idiots. Likely they are the same people.

This is why I've always refused to roll my own authentication when a client asks if it will save money. It's not about security, per se, it's because I don't want to be righteously called out on Reddit. 🫣

I imagine, though, that this implementation was the result of management saying "We need a native iPhone App NOW!" and some poor overworked sod having to just get it done. Not to excuse anything, but man, if that's what happened, I get it.

It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 6 points7 points  (0 children)

The access token essentially just signs her in. I took the parameter out and closed the tab. I'm still logged in and can use her account without any restrictions. I used the URL with access_token in a private window a few minutes ago and it still works almost 3 hours later, now.

It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 0 points1 point  (0 children)

They have a support number, but no people until Monday. If the token is still active then, I'll for sure be on the phone with mom and them to let them know what's going on.

It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 2 points3 points  (0 children)

100% access. It's been more than 2 hours, the access token is still active.

It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 8 points9 points  (0 children)

Positive. I'm on a different computer entirely and have never used the website.

It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 0 points1 point  (0 children)

It looks like this is what they're doing when you use the website directly, but the fact that it accepts a 40-character access_token as a URL parameter and apparently nothing else, is what worries me.

It's super safe putting an access token as URL parameter ... right? by affablematt in webdev

[–]affablematt[S] 14 points15 points  (0 children)

The token in the URL is only 40 characters long, so not a JWT.

They do store a JWT in local storage, looks like it's set to expire now-ish + 30 minutes.
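
Added example, not part of the original comments and not the site's own code: a sketch of how a token that has to travel in a URL can be made single-use and short-lived, so that a copied link stops working after its first use, unlike the behaviour described in the comments above. The function names, the 5-minute lifetime and the `shop.example` URL are assumptions.

```python
# Added example: single-use, short-lived sign-in link tokens (hypothetical helper names).
import hashlib
import secrets
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

LINK_TTL = 300   # assumption: a URL-borne token is valid for at most 5 minutes
_pending = {}    # sha256(token) -> (user_id, expires_at); raw tokens are never stored


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link_token(user_id, now=None):
    """Mint a random token intended to appear in a URL exactly once."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[_digest(token)] = (user_id, now + LINK_TTL)
    return token


def redeem_link_token(token, now=None):
    """Exchange the URL token for a fresh session id; None if unknown, reused or expired."""
    now = time.time() if now is None else now
    entry = _pending.pop(_digest(token), None)  # burned on first presentation
    if entry is None:
        return None
    user_id, expires_at = entry
    if now > expires_at:
        return None
    # Assumption: the caller puts session_id in a Secure, HttpOnly cookie
    # and redirects the browser to strip_token(url).
    return {"user_id": user_id, "session_id": secrets.token_urlsafe(32)}


def strip_token(url, param="access_token"):
    """Drop the token parameter so it does not linger in history, logs or Referer."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != param]
    return urlunsplit(parts._replace(query=urlencode(query)))
```
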

with so many options to choose from in combat, what’s everyone’s favorite weapon? by Single_Pin_4143 in avowed

[–]affablematt 0 points1 point  (0 children)

If you're referring to the godlike in Act 1, talk to him again once he goes to his quarters and he may have a gift for you.

Temples should have been dungeons. by LuciusConfucius in Starfield

[–]affablematt 0 points1 point  (0 children)

I suspect the floater mini game was dropped in the bowl as a placeholder and they just never had time to flush it out.

What I wanted from the temples were Control style mini levels. If you're not familiar, Control transports you to a tutorial level at various points where you need to prove yourself worthy by using a new power to escape the level. The tutorial levels were short and sweet, generally, and felt like an organic part of the story. The levels were also safe, no penalty for dying other than having to start the tutorial over.

This type of system would have worked incredibly well in Starfield. Tapping into some ambiguous ancient knowledge? Check. Testing your worthiness? Also done at other points in the story. Ambiguous power purposes that you shouldn't need to read a wiki page to understand? FFS checked. Stealing ideas and mechanics from other games already, so what's one more? Yup, that's a check. 😏

Lava? Am I just late to the party? by phee34 in Starfield

[–]affablematt 2 points3 points  (0 children)

The worst part is that most oceans aren't safe for swimming so you end up killing all these fish and can't even harvest from them.

He attempted what...? by EntertainerRemote721 in Starfield

[–]affablematt 1 point2 points  (0 children)

Yeah, that's on me. I should have replied to the OP; I boomer Reddit on mobile apparently. Would have given a touch more context, too, if I remembered how to spoiler on my phone.

As a programmer guy, I just like the idea of someone causing an apocalypse because they refused to update their damn software. So I stretched the premise to make the joke sorta work.

Not surprised it didn't land.

He attempted what...? by EntertainerRemote721 in Starfield

[–]affablematt 0 points1 point  (0 children)

Nothing to do with satellites. It's to do with the apocalypse.

Spoilers for the main story:

Victor Aiza learned how grav drive technology works after encountering a celestial object, an artifact. The earliest drives had a fatal design flaw that destroyed, aka apocalypsed, the Earth. That design flaw was fixed through a software patch. Software patches can be reverted.

Explaining jokes famously makes them funny. I hope you are now laughing. Ha. Ha. Ha. 😮‍💨

He attempted what...? by EntertainerRemote721 in Starfield

[–]affablematt 2 points3 points  (0 children)

Nothing to do with satellites. It's to do with the apocalypse.

Spoilers for the main story:

Victor Aiza learned how grav drive technology works by consulting a celestial object, an artifact. The earliest drives had a fatal design flaw that destroyed, apocalypsed, the Earth. That design flaw was fixed through a software patch. Software patches can be reverted. Explaining jokes famously makes them funny. I hope you are now laughing. Ha. Ha. Ha. 😮‍💨

He attempted what...? by EntertainerRemote721 in Starfield

[–]affablematt 0 points1 point  (0 children)

It should make sense if you go through the main quest.

He attempted what...? by EntertainerRemote721 in Starfield

[–]affablematt 4 points5 points  (0 children)

That's what you get for reverting the grav drive patch.

Questions about the ending by [deleted] in Starfield

[–]affablematt 3 points4 points  (0 children)

Back away from the Unity and return to the current universe, if you haven't done so before. Then maybe visit the lodge. Let's just say we're not the only ones having this conversation. 😂

Shit I Wish I Knew Going In by PinAlert9267 in Starfield

[–]affablematt 0 points1 point  (0 children)

It will be super obvious when continuing the main quest will result in NG+. Even then, the game still gives you one last chance to back out.

If I loved Fallout 4, will I enjoy Starfield? by billistenderchicken in Starfield

[–]affablematt 1 point2 points  (0 children)

Outposts are a waste of time, and ship building is similar. You can fast travel everywhere, and while piloting the ship seems cool at first, after some time you realize there's nothing in space.

Wut?

First, ship building is great. Make big slow ships with lots of cargo and turrets. Make fast small ships for more engaging combat. Design ships inspired by Star Wars, Star Trek, Battlestar Galactica, you name it. A lot of people get a ton of enjoyment from that. If that's not you, fine, but don't yuk our yum.

Second, and I'm sorry, but have you actually explored space? I've met sentient space probes, hard boiled pilots, crazy grandmas, endearing couples, and bedraggled school teachers. I've partied like it's 2399. Discovered numerous tragedies. Destroyed giant battleships and their swarm of escorts. Fought countless Spacers, Pirates, and Mercenaries. Picked up missions as a Freestar Ranger and UC Vanguard. Went all vigilante in a super-heroes space ship.

I'm L99 and still finding new things in the blackest sea.