[Opensim-dev] Security and ClientView
Frisby, Adam
adam at deepthink.com.au
Wed Nov 5 17:23:22 UTC 2008
Not quite the right place IMO.
That's then going:
ClientStack -> Perms Module -> Other Modules
I'd prefer:
ClientStack -> Other Modules <-> Perms Module if appropriate
Adam
> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
> bounces at lists.berlios.de] On Behalf Of Melanie
> Sent: Wednesday, 5 November 2008 8:45 AM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] Security and ClientView
>
> There is a permissions module.
>
> +1 for putting security checks there.
>
> Melanie
>
>
> Justin Clark-Casey wrote:
> > Frisby, Adam wrote:
> >> In preparation for some changes I'd like to make once 0.6 has hit
> (the
> >> IClientAPI stuff I mentioned a few weeks back) I've been reviewing
> some
> >> of the ClientView.cs files and have noticed something potentially
> >> disturbing - we're doing security checks in the packet processing
> layer.
> >>
> >>
> >>
> >> I realise when we only have one ClientView, it doesn't matter too
> much
> >> where those checks occur - however when we add multiple client views
> >> into the system, we're potentially in a situation where there could
> be
> >> different security permissions depending on which client you connect
> with.
> >>
> >>
> >>
> >> I would like to propose that as a standard, we handle 'Can a user do
> >> this' in the appropriate module rather than in the Client Stack. IE
> -
> >> doing 'can a user terraform here?' inside the Terrain module instead
> of
> >> 'RecieveTerraformPacket'.
> >
> > +1 - makes sense.
> >
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
More information about the Opensim-dev
mailing list