Hypergrid Inventory Access
From OpenSimulator
Revision as of 11:31, 14 November 2008
Proposal for Restricting Access to Inventory in Open Grids
Problem Statement
Open grids that allow arbitrary people to plug in their own opensims pose a serious threat to the security of users' inventories and grid assets. A malicious host can simply copy a visitor's entire inventory, and can even wipe it out. It can also issue a long stream of requests to the asset server in the hope of copying as many grid assets as possible.
Analysis of the Problem
The kernel of the problem is that there exists an implicit trust between regions and storage-related servers. This trust comes from Linden Lab's grid architecture, where all regions are run by the same organization that runs the storage-related servers. This trust does not hold in open systems.
Proposed Solution
- Make "home" mean a lot more than a place on the map. In an open system, "home" can be the place where the user can safely access her inventory without fear of theft. When users leave their home regions, access to their inventory (GET) is restricted to a single special folder called "Suitcase". The only items that can be accessed while the user is out and about are those placed in the Suitcase; all other items are refused service. The user should be aware that those items, as well as the attachments the user carries, can be stolen by malicious hosts.
- Establish a function that lets users specify additional foreign regions that they trust.
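
The following sketch shows how an inventory service could enforce the two rules above. It is an added example, not OpenSimulator code: the names `User`, `in_suitcase`, `authorize` and the sample data are hypothetical. It assumes the requesting region's identity is already authenticated, that trusted regions get the same access as home, that Suitcase subfolders count as the Suitcase, and that non-GET operations from other regions are refused.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    home_region: str
    suitcase_id: str                  # Suitcase identified by folder id, not by name
    trusted_regions: set = field(default_factory=set)
    folders: dict = field(default_factory=dict)  # folder id -> parent id (None at root)
    items: dict = field(default_factory=dict)    # item id -> containing folder id

def in_suitcase(user, item_id):
    """True if the item is in the Suitcase or, by assumption, a subfolder of it."""
    folder, seen = user.items.get(item_id), set()
    while folder is not None and folder not in seen:  # 'seen' guards against parent cycles
        if folder == user.suitcase_id:
            return True
        seen.add(folder)
        folder = user.folders.get(folder)
    return False

def authorize(user, region, op, item_id):
    """Decide one inventory request; 'region' is assumed to be authenticated already."""
    if item_id not in user.items:
        return False
    # Home region, or a foreign region the user listed as trusted: full access
    # (treating trusted regions like home is an assumption of this example).
    if region == user.home_region or region in user.trusted_regions:
        return True
    # Any other region: the proposal allows GET on Suitcase items only.
    # Refusing every non-GET operation there is an assumption of this example.
    return op == "GET" and in_suitcase(user, item_id)

# Constructed sample data, not taken from any real grid.
ALICE = User(
    home_region="home-region",
    suitcase_id="f-suitcase",
    trusted_regions={"friend-region"},
    folders={"f-root": None, "f-suitcase": "f-root",
             "f-outfits": "f-suitcase", "f-objects": "f-root"},
    items={"map": "f-suitcase", "hat": "f-outfits", "castle": "f-objects"},
)

if __name__ == "__main__":
    for region in ("home-region", "friend-region", "unknown-region"):
        for op, item in (("GET", "castle"), ("GET", "hat"), ("DELETE", "map")):
            print(region, op, item, "->", authorize(ALICE, region, op, item))
```

The check keys on the Suitcase's folder id, so a folder elsewhere in the inventory that merely shares the name "Suitcase" is not exposed to foreign regions.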