[Opensim-dev] secure_inventory_server ??
Michael Wright
michaelwri22 at yahoo.co.uk
Fri Jul 25 09:07:15 UTC 2008
We might also want to add a temporary config setting to the inventory server to turn the security off. For people who want to update the server, but could have old regions on the grid.
liu xiaolu <lulurun at gmail.com> wrote: OK, I can understand that,
you can change the OpenSim.ini.example like,
add the following line inside [Network] section (just under inventory_server_url):
;secure_inventory_server = true
you should keep the line commented, because by default its value is "true"
We(Johan, Mikem, lulurun) discussed about this, "secure_inventory_server" is just a "bridge"
for the people who are running latest regionserver, but using old revisions of UGAI.
as the revision number grows, we want to delete this option in the short future.
\\\\
2008/7/25 Charles Krinke <cfk at pacbell.net>:
Thanks, Lulurun. That helps some.
I believe the concern I have is the support of our users on the #opensim IRC channel. If there are settings to OpenSim that are *not* in OpenSim.ini.example and someone sets them, then support gets more difficult.
At this point, I am merely trying to suggest that any config settings that anyone might use be entered in OpenSim.ini.example. Additionally a couple of comments that describe when one might want to use these settings would help our users move forward.
Charles
----- Original Message ----
From: liu xiaolu <lulurun at gmail.com>
To: opensim-dev at lists.berlios.de
Sent: Thursday, July 24, 2008 8:04:24 PM
Subject: Re: [Opensim-dev] secure_inventory_server ??
That option is avaliable from 5592, it is just a temporary thing.
To explain the situation simply:
1. old inventory server accepts any request without check the use identity, this causes a problem that everyone's inventory information can be easily modified by other people who even do not know your password.
2. secure_inventory_server accepts request by checking a valid session_id, so every inventory request needs to be attached a session_id.
3. then both of the regionserver and the inventoryserver have to be changed:
3.1 regionserver adds user's "session_id" to inventory CRUD requests
3.2 secureinventoryserver expects the request data contains a "session_id"
4. so the latest regionserver do not work with non-secure inventoryserver any more.
the option enables people who are using the latest regionserver, but want to connect to a non-secure inventoryserver - they can set "use_secure_invnetory" to false in OpenSim.ini
2008/7/25 Charles Krinke <cfk at pacbell.net>:
I am hearing about a new OpenSim.ini setting called secure_inventory_server and am told it is not in OpenSim.ini.example. I believe all settings for OpenSim should be in OpenSim.ini and have a default, which in this case could be either true, or false, I would think.
Can someone please help us understand what this setting is, what it does when set to false, what it does when set to true and perhaps consider adding at least a default for this setting in OpenSim.ini.example?
Charles
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
--
Lulurun
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
--
Lulurun
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
---------------------------------
Not happy with your email address?
Get the one you really want - millions of new email addresses available now at Yahoo!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080725/ba3da238/attachment-0001.html>
More information about the Opensim-dev
mailing list