[Opensim-dev] Security on Opensim

Sun Jun 22 01:50:13 UTC 2008

I and my four friends don't like you. *ban*

No, automated solutions like that rarely ever work properly. Some human
element is required. Putting default-deny on permissions though tends to
limit the damage that can be done.

Regards,

Adam

From: opensim-dev-bounces at lists.berlios.de
[mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Rohan Peters
Sent: Saturday, 21 June 2008 6:47 PM
To: opensim-dev at lists.berlios.de
Subject: Re: [Opensim-dev] Security on Opensim

I like the idea of a user being reported 5 times then auto banned until
confirmed (incase of error, or hate groups)

Rohan Peters

CEO

TriOptimum

Melbourne, Vic, Australia

From: opensim-dev-bounces at lists.berlios.de
[mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of liu xiaolu
Sent: Sunday, June 22, 2008 11:24 AM
To: opensim-dev at lists.berlios.de
Subject: Re: [Opensim-dev] Security on Opensim

Correction for the last two sentence :)
>Of course GridServer should not *immediately* put the reported user
name into gridwide blacklist(region onwer maybe a bad person).
>there should be a mechanism for determine bad users in GridServer.
(*for example* a user is reported by more than 5 different RegionServer)

lulurun,
regards

2008/6/22 liu xiaolu <lulurun at gmail.com>:

"Banning user" is a necessary function, but it should not be *ONLY*
centralized in GridServer.
we should also build "banning" functions inside RegionServer since
RegionServer owners may have different dislikes.

This is quite similar to region registration:
RegionServer keeps Regions/*.xml, when it online/offline, RegionServer
tell GridServer to update/delete itself.

So, each RegionServer can also hold a file like "Users/blacklist.txt",
it contains the list of user name.
when "expect_user" called, RegionServer checks its own list.

The "banning list" should have different scopes - 0:per region; 1:per
grid;
the balck list file maybe like:
  test user 0(per region)
  lulu run 1(per grid)
"per region" banning is done by checking a local list during
"expect_user"
"per grid" banned user should be banned and report to GridServer.
Of course GridServer should not put the reported user name into gridwide
blacklist(region onwer maybe a bad person).
there should be a mechanism for determine bad users in GridServer. (a
user is reported by more than 5 different RegionServer)

lulurun,
regards

2008/6/22 Cityworld <cityworld at gmx.de>:

	Since a few days the Griefers called Patriotic Nigras started to
attack Opensim Grids

	Osgrid is now attacked a few Days with bad attacks and we have
no function to ban a user or either kick a user gridwide, so i thought
about a method to ban a user from any console where the consoles server
is allowed to have gridwide admin status

	look on my demonstration pic, that would work fine to kick a
user or ban a user gridwide:

	http://xionx.de/bannuser.jpg

	an admin enters on a granted console the command, then the
command runs through the gridserver and in the main database it will be
checked if that consoles server is allowed to kick or ban users
gridwide.

	_______________________________________________
	Opensim-dev mailing list
	Opensim-dev at lists.berlios.de
	https://lists.berlios.de/mailman/listinfo/opensim-dev

-- 
Lulurun 

-- 
Lulurun 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080621/97346f8a/attachment-0001.html>