[Opensim-dev] Security and ClientView
Melanie
melanie at t-data.com
Wed Nov 5 16:45:03 UTC 2008
There is a permissions module.
+1 for putting security checks there.
Melanie
Justin Clark-Casey wrote:
> Frisby, Adam wrote:
>> In preparation for some changes I’d like to make once 0.6 has hit (the
>> IClientAPI stuff I mentioned a few weeks back) I’ve been reviewing some
>> of the ClientView.cs files and have noticed something potentially
>> disturbing – we’re doing security checks in the packet processing layer.
>>
>>
>>
>> I realise when we only have one ClientView, it doesn’t matter too much
>> where those checks occur – however when we add multiple client views
>> into the system, we’re potentially in a situation where there could be
>> different security permissions depending on which client you connect with.
>>
>>
>>
>> I would like to propose that as a standard, we handle ‘Can a user do
>> this’ in the appropriate module rather than in the Client Stack. IE –
>> doing ‘can a user terraform here?’ inside the Terrain module instead of
>> ‘RecieveTerraformPacket’.
>
> +1 - makes sense.
>
More information about the Opensim-dev
mailing list