[Opensim-dev] secure_inventory_server ??
Michael Wright
michaelwri22 at yahoo.co.uk
Fri Jul 25 14:16:22 UTC 2008
Yeah when I suggested the option on inventory server, I just meant so it didn't do any checks. The actually intererfaces having a few changes is nothing. Everyone has to expect those sort of changes.
Anyway at first I was only suggesting a temporay option. As while everyone should expect painful breaking changes, if we can easily add temporary options that give a bit of time to change over to a new system then I think we should. Again it has to be a easy thing to add, I'm not suggesting that we should spend lots of time on adding these options. But like in this case a small flag around the security check.
Anyway, if we add the option to the inventory server to turn off checks, so that it is no longer tied to a user server. Then there should be no problems with removing the region side option. Just with that system in the inventory server, we need one option or the other.
I think the sessionId could be made to work, just with a push method from the user server rather than a pull. In general I think we should avoid those pull systems that require setting a lot of urls on different servers anyway.
So maybe one way would be when the user logs in, it looks up the inventory server url that user is using. Then it does a initial request to the inventory server to authenticate that grid can have acess to the users inventory on that server, which can include the session id. So really the same system but with push rather than pull.
Justin Clark-Casey <jjustincc at googlemail.com> wrote: Michael Wright wrote:
> a quick follow on, what I mean about it being too rigid, is that by
> having a set userserver set url in the inventory server. It makes it
> harder to use the same inventory server on multiple grids. Either for
> the same user (if their id on each grid was the same). Or just multiple
> grids/user groups sharing a common inventory server.
>
> I actually consider both of them features that we have/had and should
> keep. SO while on important bug (the lack of security) has been fixed,
> it has broke two other features.
I do agree. In the long term I think that security for the inventory service should be managed by direct client login
rather than being tied to a user session id.
However, I suspect that with the current client, user session id might be the best that we can do. But I see that to
preserve the use cases you describe we should have an option to stop the inventory server contacting the user server to
perform security checks. So I'm dropping the concerns I had with putting another option on the inv server :-)
However, I think that this switch should simply mean that checks aren't performed. It would be much nicer not to have
it set up a different bunch of 'legacy' handlers instead of the 'secure' ones. I think that we should also still
eliminate the old InventoryService option on the region server as soon as possible to avoid the dead weight of that code
and needless option proliferation - if people are following trunk then they really do have to expect that there are
occasionally going to be painful breaking upgrades.
>
> */Michael Wright /* wrote:
>
> Okay had a bit deeper look at the inventory changes, and see the
> changes aren't anywhere near as big as I was imagining. So guess I
> take back my suggestion of a option.
>
> I made the suggestion, because my thinking in something like while
> no interfaces are going to be anything like stable until much nearer
> to 1.0, I do think if a really big change is made to a interface
> (specially on the interfaces to the grid servers). If it is possible
> to add a mode for backwards compatibility easily, then we should do
> so (even if only temporary). But as I said, after looking more
> closely at the changes, doesn't look like this is such a big change.
>
> I'm a little concerned about the constant lookup to the user server.
> As I think really we should be trying to spearate the
> inventory/asset servers so they are more standalone (don't keep
> connecting to other servers). To allow for a more destributed set up
> with them. But haven't really thought about how a secure system
> could work there. This lookup method just feels a bit too rigid to me
>
> */Michael Wright /* wrote:
>
> Yeah I guess, one problem with changes like this is anyone who
> has custom Login service (like us) has to rewrite it to use the
> new methods. Which is going to take time. But I guess that is
> how things go.
>
> To be honest, even not taking that into account I would still
> like to see a way to turn things off. While you can argue that
> we should avoid too many options. At the same time I think you
> can argue that we should make things as customisable as possible
> (which is what I prefer).
>
> I guess I need to look at the changes in inventory server more
> closely before I can really give a proper opinion though.
>
> */Justin Clark-Casey /* wrote:
>
> Michael Wright wrote:
> > We might also want to add a temporary config setting to
> the inventory
> > server to turn the security off. For people who want to
> update the
> > server, but could have old regions on the grid.
>
> To be honest, I think that it would be nice to avoid option
> proliferation. Already, the 'secure' option is really just
> a bridge - the original mode should be removed (and secure
> become the 'default') when we're happy that they aren't major
> difficulties. Adding another option for inventory server
> potentially exposes another point of failure and something
> that will have to be deprecated/removed later on.
>
> I think that traditionally we've been happy to have breaking
> grid changes that have required region updates. Can we do
> the same thing here?
>
> >
> > */liu xiaolu /* wrote:
> >
> > OK, I can understand that,
> >
> > you can change the OpenSim.ini.example like,
> > add the following line inside [Network] section (just under
> > inventory_server_url):
> > ;secure_inventory_server = true
> > you should keep the line commented, because by default
> its value is
> > "true"
> >
> > We(Johan, Mikem, lulurun) discussed about this,
> > "secure_inventory_server" is just a "bridge"
> > for the people who are running latest regionserver, but
> using old
> > revisions of UGAI.
> >
> > as the revision number grows, we want to delete this
> option in the
> > short future.
> >
> > \\\\
> > 2008/7/25 Charles Krinke >:
> >
> > Thanks, Lulurun. That helps some.
> >
> > I believe the concern I have is the support of our users
> on the
> > #opensim IRC channel. If there are settings to OpenSim
> that are
> > *not* in OpenSim.ini.example and someone sets them, then
> support
> > gets more difficult.
> >
> > At this point, I am merely trying to suggest that any config
> > settings that anyone might use be entered in
> > OpenSim.ini.example. Additionally a couple of comments that
> > describe when one might want to use these settings would help
> > our users move forward.
> >
> > Charles
> >
> >
> > ----- Original Message ----
> > From: liu xiaolu >
> > To: opensim-dev at lists.berlios.de
> >
> > Sent: Thursday, July 24, 2008 8:04:24 PM
> > Subject: Re: [Opensim-dev] secure_inventory_server ??
> >
> > That option is avaliable from 5592, it is just a
> temporary thing.
> >
> > To explain the situation simply:
> > 1. old inventory server accepts any request without check the
> > use identity, this causes a problem that everyone's inventory
> > information can be easily modified by other people who
> even do
> > not know your password.
> > 2. secure_inventory_server accepts request by checking a
> valid
> > session_id, so every inventory request needs to be attached a
> > session_id.
> > 3. then both of the regionserver and the inventoryserver
> have to
> > be changed:
> > 3.1 regionserver adds user's "session_id" to inventory CRUD
> > requests
> > 3.2 secureinventoryserver expects the request data contains a
> > "session_id"
> > 4. so the latest regionserver do not work with non-secure
> > inventoryserver any more.
> >
> > the option enables people who are using the latest
> regionserver,
> > but want to connect to a non-secure inventoryserver -
> they can
> > set "use_secure_invnetory" to false in OpenSim.ini
> >
> >
> > 2008/7/25 Charles Krinke >:
> >
> > I am hearing about a new OpenSim.ini setting called
> > secure_inventory_server and am told it is not in
> > OpenSim.ini.example. I believe all settings for OpenSim
> > should be in OpenSim.ini and have a default, which in this
> > case could be either true, or false, I would think.
> >
> > Can someone please help us understand what this setting is,
> > what it does when set to false, what it does when set to
> > true and perhaps consider adding at least a default for this
> > setting in OpenSim.ini.example?
> >
> > Charles
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> >
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
> >
> >
> >
> > --
> > Lulurun
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
> >
> >
> >
> > --
> > Lulurun
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
> >
> >
> >
> ------------------------------------------------------------------------
> > Not happy with your email address?
> > Get the one you really want -
> > millions of new email addresses available now at Yahoo!
> >
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
> --
> justincc
> Justin Clark-Casey
> http://justincc.wordpress.com
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
> ------------------------------------------------------------------------
> Not happy with your email address?
> Get the one you really want
> - millions of new
> email addresses available now at Yahoo!
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
> ------------------------------------------------------------------------
> Not happy with your email address?
> Get the one you really want
> - millions of new email
> addresses available now at Yahoo!
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>
> ------------------------------------------------------------------------
> Not happy with your email address?
> Get the one you really want -
> millions of new email addresses available now at Yahoo!
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
--
justincc
Justin Clark-Casey
http://justincc.wordpress.com
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
---------------------------------
Not happy with your email address?
Get the one you really want - millions of new email addresses available now at Yahoo!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080725/d0906b16/attachment-0001.html>
More information about the Opensim-dev
mailing list