[Opensim-dev] secure_inventory_server ??
liu xiaolu
lulurun at gmail.com
Fri Jul 25 03:04:24 UTC 2008
That option is avaliable from 5592, it is just a temporary thing.
To explain the situation simply:
1. old inventory server accepts any request without check the use identity,
this causes a problem that everyone's inventory information can be easily
modified by other people who even do not know your password.
2. secure_inventory_server accepts request by checking a valid session_id,
so every inventory request needs to be attached a session_id.
3. then both of the regionserver and the inventoryserver have to be changed:
3.1 regionserver adds user's "session_id" to inventory CRUD requests
3.2 secureinventoryserver expects the request data contains a "session_id"
4. so the latest regionserver do not work with non-secure inventoryserver
any more.
the option enables people who are using the latest regionserver, but want to
connect to a non-secure inventoryserver - they can set
"use_secure_invnetory" to false in OpenSim.ini
2008/7/25 Charles Krinke <cfk at pacbell.net>:
> I am hearing about a new OpenSim.ini setting called secure_inventory_server
> and am told it is not in OpenSim.ini.example. I believe all settings for
> OpenSim should be in OpenSim.ini and have a default, which in this case
> could be either true, or false, I would think.
>
> Can someone please help us understand what this setting is, what it does
> when set to false, what it does when set to true and perhaps consider adding
> at least a default for this setting in OpenSim.ini.example?
>
> Charles
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
--
Lulurun
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080725/34f67036/attachment-0001.html>
More information about the Opensim-dev
mailing list