We are currently investigating issues some players are having on the megaservers. We will update as new information becomes available.
We are currently investigating issues some players are having with the ESO Store and Account System. We will update as new information becomes available.

Malicious Mail Add-On

ZOS_ChipHilseberg
ZOS_ChipHilseberg
✭✭✭
Hey all. I wanted to let you know that this is on our radar on the code side and we've been discussing it internally. We of course believe in protecting players from malicious add-ons. However, it is also important to acknowledge that security often comes at the cost of restricted functionality. By making the mail attachment functions private would could prevent this behavior in the future. However, this would also prevent any sort of automated item or gold mailing add-on. In this particular case, it may be worth sacrificing the functionality for extra protection, but I first wanted to ask your opinions on the value of having accessible functions for managing mail attachments specifically. How useful are they to your existing or planned add-ons?
Staff Post
  • redspecter23
    redspecter23
    ✭✭✭✭✭
    ✭✭✭✭✭
    I think it really depends exactly what sort of functionality would be effected.

    If it only effects mail addons that make use of attachments, it may be worth the sacrifice. If it extends beyond that to addons such as mailr (which I consider an absolute necessity as a GM) then I hope you'll explore another option instead. Perhaps incorporating many aspects of mailr into your standard UI so the addon is not so necessary for things such as tracking sent mail, guild wide mailing and an option as simple as a reply button.
    Edited by redspecter23 on December 5, 2014 7:50PM
  • Focus23
    Focus23
    ✭✭
    I have been developing a new guild mailer addon because MailR is currently the only one available and it does not function reliably. As the GM of 3 full trade guilds, a guild mailer addon is an absolute necessity to effectively communicate with my members about guild events and Teamspeak meetings. Restricting access to any of those functions would be detrimental to the community.

    To answer your specific question, functions for managing mail attachments are not needed. I actually consider the ability to auto-send gathered items as attachments in mail to be a form of macro/botting, so I personally recommend restriction of mail attachment functions. I think that is a valid security measure as long as it does not prevent us from effective guild communication.
    @Focus23 | NA Trade GM
    Elder Scrolls Exchange | Red Nirn Reserve | Dead Nirn Dealers | Direnni Dynasty
  • Deome
    Deome
    ✭✭✭
    Is there a way to privately/internally add a "Send Gold?..." confirmation dialog before attempting to send mail (containing gold, obviously)? That might be a way to prevent surreptitious mailings of gold in malicious addon code, so long as it's not possible (or, at least, incredibly difficult) to disable the confirmation dialog through the API.

    It could also help with detection/reporting, as folks log in and suddenly see a confirmation dialog to send all their gold to @malicioususername.
    Deome
    Loremonger, Addon Developer (DataDaedra, etc.), Ministry Malcontent

    "I am alive because that one is dead. I exist because I have the will to do so." --Now-Last, "Boethiah's Proving"
  • Beesting
    Beesting
    ✭✭✭✭
    @Deome‌ i just updated your shopkeeper addon this morning with minion, and now it is broken. I hope you can fix it soon. I did not mind it sometimes took an hour to update, your version did not crash my game as much as the original one did.
    Thank you!
    22xfde.jpg
    Edited by Beesting on December 6, 2014 1:15PM
    Beesting, Bosmer Magica DK, AD EU, crafter
    Slager, Dunmer Magica DK, DC EU, pvp
    Farmer, Dunmer Magica DK, AD EU, trials build

    Every major patch looks like the end of the world but somehow i just cannot stop playing.
  • kelly.medleyb14_ESO
    kelly.medleyb14_ESO
    ✭✭✭✭✭
    I think it really depends exactly what sort of functionality would be effected.

    If it only effects mail addons that make use of attachments, it may be worth the sacrifice. If it extends beyond that to addons such as mailr (which I consider an absolute necessity as a GM) then I hope you'll explore another option instead. Perhaps incorporating many aspects of mailr into your standard UI so the addon is not so necessary for things such as tracking sent mail, guild wide mailing and an option as simple as a reply button.

    Agree, more of these issues would be moot if you guys implemented more in house features that are deemed rather standard these days.
    Focus23 wrote: »
    I have been developing a new guild mailer addon because MailR is currently the only one available and it does not function reliably. As the GM of 3 full trade guilds, a guild mailer addon is an absolute necessity to effectively communicate with my members about guild events and Teamspeak meetings. Restricting access to any of those functions would be detrimental to the community.

    To answer your specific question, functions for managing mail attachments are not needed. I actually consider the ability to auto-send gathered items as attachments in mail to be a form of macro/botting, so I personally recommend restriction of mail attachment functions. I think that is a valid security measure as long as it does not prevent us from effective guild communication.

    Agreed.
Sign In or Register to comment.