[Opensim-dev] Security and ClientView
Dr Scofield
DrScofield at xyzzyxyzzy.net
Wed Nov 5 17:35:04 UTC 2008
Frisby, Adam wrote:
> In preparation for some changes I’d like to make once 0.6 has hit (the
> IClientAPI stuff I mentioned a few weeks back) I’ve been reviewing some
> of the ClientView.cs files and have noticed something potentially
> disturbing – we’re doing security checks in the packet processing layer.
>
>
>
> I realise when we only have one ClientView, it doesn’t matter too much
> where those checks occur – however when we add multiple client views
> into the system, we’re potentially in a situation where there could be
> different security permissions depending on which client you connect with.
>
>
>
> I would like to propose that as a standard, we handle ‘Can a user do
> this’ in the appropriate module rather than in the Client Stack. IE –
> doing ‘can a user terraform here?’ inside the Terrain module instead of
> ‘RecieveTerraformPacket’.
+1.
--
dr dirk husemann ---- virtual worlds research ---- ibm zurich research lab
SL: dr scofield ---- drscofield at xyzzyxyzzy.net ---- http://xyzzyxyzzy.net/
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/
More information about the Opensim-dev
mailing list