[sldev] [Upcoming Changes] Website Viewer Authentication

Argent Stonecutter secret.argent at gmail.com
Fri Sep 28 20:58:41 PDT 2007


On 28-Sep-2007, at 16:31, David Kaprielian (Sabin) wrote:
> In any case, I wanted to take a moment and send to this list some  
> security changes Linden is going to make in order to further the  
> efforts of anti-fraud and phishing prevention.  Pretty soon we're  
> going to consolidate logins to our website so we can eventually  
> centralize the process.  In other words, residents will not have to  
> type their name and password into SL viewers and applications,  
> they'll type them into our website instead.

[...]

What is the point of this operation? It seems like it will make it  
harder for people to log in to SL, and will probably generate warning  
dialogs on Windows (and Mac the first time a user does it), and will  
fall afoul of some popular so-called security applications, and I  
honestly can't see how this improves security given that cross-zone  
attacks are EASIER in HTTP(S) and phishing is easier in browsers.

> Fortunately, we will be implementing a login screen for each of our  
> viewers (similar to the one you see now) which goes through our  
> website.

If this login screen does not support HTTP proxies, you'd better make  
sure it doesn't use port 80 or 443.


