[Opensim-dev] Security and ClientView
Justin Clark-Casey
jjustincc at googlemail.com
Wed Nov 5 12:56:01 UTC 2008
Frisby, Adam wrote:
> In preparation for some changes I’d like to make once 0.6 has hit (the
> IClientAPI stuff I mentioned a few weeks back) I’ve been reviewing some
> of the ClientView.cs files and have noticed something potentially
> disturbing – we’re doing security checks in the packet processing layer.
>
>
>
> I realise when we only have one ClientView, it doesn’t matter too much
> where those checks occur – however when we add multiple client views
> into the system, we’re potentially in a situation where there could be
> different security permissions depending on which client you connect with.
>
>
>
> I would like to propose that as a standard, we handle ‘Can a user do
> this’ in the appropriate module rather than in the Client Stack. IE –
> doing ‘can a user terraform here?’ inside the Terrain module instead of
> ‘RecieveTerraformPacket’.
+1 - makes sense.
--
justincc
Justin Clark-Casey
http://justincc.wordpress.com
More information about the Opensim-dev
mailing list