[sldev] Re: Viewer Auth Feedback

Dale Glass dale at daleglass.net
Wed Oct 3 05:32:14 PDT 2007


On Wed, Oct 03, 2007 at 07:16:23AM +0200, dirk husemann wrote:
> >> Personally, I'd like to get out-of-band confirmation for the exercise of
> >> capabilities. An email with a link, for example, before rezzing an
> >> object, or doing anything that debits my account, or much else other
> >> than walking and talking. So I can configure which ones are always on,
> >> never on, or that the system has to ask me out-of-band to grant for the
> >> rest of the session.
> hmm...getting an email for rezzing objects sounds to me a
> bit...well...clunky. and it certainly breaks any immersive experience.
> not sure we want that (well, i don't for one).
Doesn't have to be mail. A log visible on the website could be nice for
example.

> >
> > Only if you can't use the password (the one which you gave the viewer)
> > to reconfigure these options.  If 3rd party viewer security is the goal,
> > the only way to enforce that, is (like everything these days) server
> > side by not allowing the viewer to do specific things.
> in the end it comes down to trust: whose viewer do we trust? i'd trust a
> viewer that's available as open source and has been widely vetted and
> examined for security holes. i'd probably have my reservations about joe
> random's viewer-from-the-basement that's closed source and was just
> released yesterday...i might trust a viewer that i've written (then
> again, knowing me, i might not).
A bit pedantic: The source is under the GPL2, which means source MUST be
released. LL could sue for copyright infringement anybody who refused to
provide the source.

Then of course I doubt it'll get to that, as since as per GPL2 the
source must be open, anybody refusing to show the source is obviously
hiding something.


But, even if I'm trusted, I'd still like to have this mechanism. Maybe
one day I'll screw up and accidentally release a viewer that does
something nasty. Permissions and logs would be very helpful in this
case.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20071003/5abfc20a/attachment.pgp


More information about the SLDev mailing list