[Opensim-dev] Critical plugin check?
Sean Dague
sean at dague.net
Wed Jun 18 21:55:54 UTC 2008
On Wed, Jun 18, 2008 at 01:49:35PM -0700, Kyle Hamilton wrote:
> I think that there's something a bit worrisome about this idea.
>
> What if the server were hacked such that, say, a money-management
> module was substituted? (Remember, most attacks are not from people
> outside the organization, but rather inside the organization. If some
> disgruntled sysadmin decided to start playing around with the economy,
> it might be extremely damaging and destroy a lot of confidence in the
> economy -- which would have the effect of making the economy
> unsustainable, since economies that aren't backed by real value [such
> as gold] only exist by virtue of economic-participant confidence.)
If you have physical access to the server, all bets are off. They could
just as easily fiddle db numbers as load a new module. You can't
protect yourself from people who can log into you box and get a shell.
When looking at rework of the plugin approach, I'd suggest that we
standardize on Mono Addins, and build from there. Right now we've got 3
or 4 different loaders, and all the custom different loaders we wrote
don't seem to gain us much over just using addins.
-Sean
--
__________________________________________________________________
Sean Dague Mid-Hudson Valley
sean at dague dot net Linux Users Group
http://dague.net http://mhvlug.org
There is no silver bullet. Plus, werewolves make better neighbors
than zombies, and they tend to keep the vampire population down.
__________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080618/b4f897b9/attachment-0001.pgp>
More information about the Opensim-dev
mailing list