This is probably a stupid question since it would pose a big security vulnerability, but with all the settings one can make in UniAdmin to synchronize with UniUploader, the username/password of the roster still has to be entered by every user manually, is that correct?
I'm just a bit confused with the "Additional variable" fields, not sure what they are used for exactly.

No, not a stupid question, just one that has to be clarified.

You're talking about these fields, right ? :



Actually, their usage is very easy to understand.

A 'normal' guild member never has to deal with these fields, no need to fill in anything. Even if they fill in something, no problem.

As you already know, a officier from your Guild (any Officier) who has also installed the WoW addon named GuildProfiler needs to enter a password here so the Guild information in his CharacterProfiler.lua file will be taken in account when uploading manually.
I'm talking about this place :



Now, the question is : If you use UniUpLoader, you won't be typing in the Guild update password, and its rather logic that UniUpLoader has to communicate the Guild-Roster-Update password for you.

Up to you to distribute the Officier-Guild-Update password to your Offcieir Guild membres (of cours, tell them that they should install the addon GuildProfiler also).

I think I do need to say anything more about the subject - you just got the entire picture

If not : in UniUpLoader, check one case in "Additional Variables"
Name the first field password (8 lettres) and in the second you fill in the password used to handle the Guild-Roster-Update.
In that case the Guild info, if present in the CharacterProfiler.lua file will be used to update the entire roster.

I use this way of updating for my Guild Roster already for more then two years now. Works great.

There is never any need to use your WoW Game credentials, nowhere and never.
These should be used to enter the game and to acess your account ones in a while.

I would like to add : never use your WoW Game credentials on a public computer, or a computer that you do not trust. Period.
Not even to enter the Armory (because you have WoWRoster ).

Ok, I think I'm starting to understand this. Just one more thing to clarify:
When you're in Simple Mode, which probably most normal users are, there are only two tabs and the only important one is the "Settings" tab. In this tab, there is an area called "Upload Access". Does this have the exact same function as the "Additional Variables" area, which is only available in Advanced Mode?

One more thing I don't understand: On our Roster even the normal guild members have to enter a password to upload their data. But if I distributed that password through UniAdmin, basically everyone who got the URL to UniAdmin would be able to retreive the password, right? So when it comes to the passwords (guild member, officers, admins), everyone should enter the password manually, to make it a bit safer.

tuigii wrote:There is never any need to use your WoW Game credentials, nowhere and never.
These should be used to enter the game and to acess your account ones in a while.

I would like to add : never use your WoW Game credentials on a public computer, or a computer that you do not trust. Period.
Not even to enter the Armory (because you have WoWRoster ).

I know, I was just talking about the Roster password, not the password of your WoW Account.

Chiba wrote:Ok, I think I'm starting to understand this. Just one more thing to clarify:
When you're in Simple Mode, which probably most normal users are, there are only two tabs and the only important one is the "Settings" tab. In this tab, there is an area called "Upload Access". Does this have the exact same function as the "Additional Variables" area, which is only available in Advanced Mode?

Well....
You're right !!
If you look at my first image above, then it will be the first line that will be used - not the second. Right now, mine is grayed out, and has values as : username and UserName
The final result will be the same.

I discovered actually today that simple mode existed
I always use Advanced mode ... dono why.

Chiba wrote:One more thing I don't understand: On our Roster even the normal guild members have to enter a password to upload their data.

Hummm..
Could find what provokes this. Something isn't set to default, that for sure.
There is no real need to protect upload like this.
Information in the Characterprofiler is already filtered, your Guid name and your realm name should be in it.
The time stamp should be correct.

It's true that some one that knows how to search & replace with a good text editor (this time I'm NOT talking about notepad ;-)) COULD replace a toon in about any WoWRoster.
I used this 'feature' a couple of time to help people testing their setup.
You make references to a feature I don't know about .... funny.

Chiba wrote:But if I distributed that password through UniAdmin, basically everyone who got the URL to UniAdmin would be able to retreive the password, right?

That's the way to go.
UniAdmin rocks if used with UniUpLoader.

Chiba wrote:So when it comes to the passwords (guild member, officers, admins), everyone should enter the password manually, to make it a bit safer.

Bof.
Admins, yes, no need to access the roster with in an automated way.

WowRoster isn't something that stores real private information - you could wipe your entire SQL database - init it again (30 sec), phone all your Guild members to go online right now, update their files - make them upload, and several minutes later your roster is back up again.

Understand that the roster does not maintain something that is related to Toon's history - it only keeps the actual toon related issues.
The roster can't be used to see what quests a toon did in his live, or other past information (achievements changed this some what).

This is the reason that I do not backup my WowRoster SQL tables.

PS : Guild History might be an exception, but not very useful anyway.

Most of my members use UniUpLoader (Vista broke this somewhat, they say that Uni or Vista stinks...... because they don't know anything about file protection and/or their OS, but that's not really the case, neither their fault ^^)

Note that I handle my Guild forum (CMS) not like this way.

tuigii wrote:I know, I was just talking about the Roster password, not the password of your WoW Account.

Ok, ouf

Passwords should be treated as password, but by now you understand that the WOWRoster passwords do not have the same value as your mail or WoW credentials. Thats one of the good points of WoWRoster : no security issue is being modified or created.

PS : real paranos could mention the fact that the concept of UniUploader introduces a potential risk (and then these same guys switch to WowMatrix - lol), but hey, stop playing WoW and you will be the winner

The upload password for character data can be used for multiple purposes. On a normal single-guild setup, it will prevent people who don't know the password from uploading fake data. If there is no protection, there is nothing keeping a stranger from vandalizing your wowroster entries.
This password can also be used as an alternative to upload rules (Set upload rules to allow all characters on a realm, then only give your group of friends the upload pass).

PleegWat wrote:The upload password for character data can be used for multiple purposes. On a normal single-guild setup, it will prevent people who don't know the password from uploading fake data. If there is no protection, there is nothing keeping a stranger from vandalizing your wowroster entries.
This password can also be used as an alternative to upload rules (Set upload rules to allow all characters on a realm, then only give your group of friends the upload pass).

That's exactly why I don't want to distibute the password through UniAdmin to UniUploader, but rather hand it out only to guild members, who will then have to enter it manually. Just feels safer that way.
Currently I'm only synchronizing the Update URL, Logos and the URL to the Forums, I guess that should suffice for now.