[Opensim-dev] Security and ClientView
Frisby, Adam
adam at deepthink.com.au
Wed Nov 5 12:23:31 UTC 2008
In preparation for some changes I'd like to make once 0.6 has hit (the IClientAPI stuff I mentioned a few weeks back) I've been reviewing some of the ClientView.cs files and have noticed something potentially disturbing - we're doing security checks in the packet processing layer.
I realise when we only have one ClientView, it doesn't matter too much where those checks occur - however when we add multiple client views into the system, we're potentially in a situation where there could be different security permissions depending on which client you connect with.
I would like to propose that as a standard, we handle 'Can a user do this' in the appropriate module rather than in the Client Stack. IE - doing 'can a user terraform here?' inside the Terrain module instead of 'RecieveTerraformPacket'.
Adam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20081105/a12483fc/attachment-0001.html>
More information about the Opensim-dev
mailing list