[Opensim-dev] secure_inventory_server ??

[Michael Wright]

Well no, as each user should have a inventory server url in their userprofile db. So that is looked up and the login server then asks for permission on the inventory server to access a users inventory and to push the session id. So yes you need to set up permissions on the inventory server to allow the various "grids" to access a users inventory. 

But as there could be multiple grids authorised for a user, it allows the user to login and out of those grids while keeping the same inventory. If you have a userserver url in some db in the inventory server, then this needs updating when a user changes grids (or if multiple urls were saved, then the active one needs setting). And it certainly shouldn't have to be done manually so again it requires a push. 

liu xiaolu <lulurun at gmail.com> wrote: Comparing "pull" and "push", I would like to say:
pull is "require setting a lot of urls on different servers anyway", but push is full with vulnerability.




       
---------------------------------
 Not happy with your email address?
  Get the one you really want - millions of new email addresses available now at  Yahoo!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080725/cbaaa105/attachment-0001.html>