[Opensim-dev] secure_inventory_server ??
Justin Clark-Casey
jjustincc at googlemail.com
Fri Jul 25 10:40:19 UTC 2008
liu xiaolu wrote:
> OK, I can understand that,
>
> you can change the OpenSim.ini.example like,
> add the following line inside [Network] section (just under
> inventory_server_url):
> ;secure_inventory_server = true
> you should keep the line commented, because by default its value is "true"
>
> We(Johan, Mikem, lulurun) discussed about this,
> "secure_inventory_server" is just a "bridge"
> for the people who are running latest regionserver, but using old
> revisions of UGAI.
>
> as the revision number grows, we want to delete this option in the short
> future.
Lulurun, I think that a formal patch changing OpenSim.ini.example (and explaining what the option means and why you
would want to use it) would be a good way forward.
>
> \\\\
> 2008/7/25 Charles Krinke <cfk at pacbell.net <mailto:cfk at pacbell.net>>:
>
> Thanks, Lulurun. That helps some.
>
> I believe the concern I have is the support of our users on the
> #opensim IRC channel. If there are settings to OpenSim that are
> *not* in OpenSim.ini.example and someone sets them, then support
> gets more difficult.
>
> At this point, I am merely trying to suggest that any config
> settings that anyone might use be entered in OpenSim.ini.example.
> Additionally a couple of comments that describe when one might want
> to use these settings would help our users move forward.
>
> Charles
>
>
> ----- Original Message ----
> From: liu xiaolu <lulurun at gmail.com <mailto:lulurun at gmail.com>>
> To: opensim-dev at lists.berlios.de <mailto:opensim-dev at lists.berlios.de>
> Sent: Thursday, July 24, 2008 8:04:24 PM
> Subject: Re: [Opensim-dev] secure_inventory_server ??
>
> That option is avaliable from 5592, it is just a temporary thing.
>
> To explain the situation simply:
> 1. old inventory server accepts any request without check the use
> identity, this causes a problem that everyone's inventory
> information can be easily modified by other people who even do not
> know your password.
> 2. secure_inventory_server accepts request by checking a valid
> session_id, so every inventory request needs to be attached a
> session_id.
> 3. then both of the regionserver and the inventoryserver have to be
> changed:
> 3.1 regionserver adds user's "session_id" to inventory CRUD requests
> 3.2 secureinventoryserver expects the request data contains a
> "session_id"
> 4. so the latest regionserver do not work with non-secure
> inventoryserver any more.
>
> the option enables people who are using the latest regionserver, but
> want to connect to a non-secure inventoryserver - they can set
> "use_secure_invnetory" to false in OpenSim.ini
>
>
> 2008/7/25 Charles Krinke <cfk at pacbell.net <mailto:cfk at pacbell.net>>:
>
> I am hearing about a new OpenSim.ini setting called
> secure_inventory_server and am told it is not in
> OpenSim.ini.example. I believe all settings for OpenSim should
> be in OpenSim.ini and have a default, which in this case could
> be either true, or false, I would think.
>
> Can someone please help us understand what this setting is, what
> it does when set to false, what it does when set to true and
> perhaps consider adding at least a default for this setting in
> OpenSim.ini.example?
>
> Charles
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
>
>
> --
> Lulurun
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de <mailto:Opensim-dev at lists.berlios.de>
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
>
>
> --
> Lulurun
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
--
justincc
Justin Clark-Casey
http://justincc.wordpress.com
More information about the Opensim-dev
mailing list