[Opensim-dev] Security and ClientView
Stefan Andersson
stefan at tribalmedia.se
Wed Nov 5 16:48:47 UTC 2008
Security checks should always be carried out by the class that govern the objects that is accessed, it can in turn delegate this to something like a policy (permissions) manager.
So, what I'm saying is, +1 on moving this out of the 'outer perimeter' that is clientview.
---
I realise when we only have one ClientView, it doesn’t matter too much where those checks occur – however when we add multiple client views into the system, we’re potentially in a situation where there could be different security permissions depending on which client you connect with.
I would like to propose that as a standard, we handle ‘Can a user do this’ in the appropriate module rather than in the Client Stack. IE – doing ‘can a user terraform here?’ inside the Terrain module instead of ‘RecieveTerraformPacket’.
Adam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20081105/66ef9c27/attachment-0001.html>
More information about the Opensim-dev
mailing list