[Opensim-dev] Is this anything to worry about?

[Diva Canto]

I take this opportunity to, once again, make a call to reality on what 
concerns OpenSim security :-)

Posts like this may give some people an off-band impression that 
OpenSim's security is comparable to Linden Lab's security, and that you 
need these security consultants to crack it up. It is not comparable and 
you don't need these consultants yet. OpenSim is alpha software that 
hasn't even reached 0.7. Security is practically non-existent unless the 
people deploying a grid know very well where all the security holes are 
and either (a) run everything inside a firewall or (b) cover the holes 
with additional layers of protection -- which essentially  means doing 
actual development on the existing code. Things are particularly 
unprotected in open grids.
I'm pretty sure things will improve substantially as we get closer to 
1.0, and as new viewers come to play with us, but we're not there yet.

Furthermore, OpenSim is not an VW application, like Linden Lab's, but an 
extensible framework for building VW applications. There are already 
several built-in options that result in quite different systems, and, in 
what concerns security, there will be at least a few that result is 
quite different security schemes. And since the framework is extensible, 
in a couple of years I will expect to see uses of OpenSim with 
completely different security characteristics.

For now, just keep this one word in mind: VeryLittleSecurityHereYet.

Colin B. Withers wrote:
> Hi,
>
> Someone has sent me this link for a possible blog article. However, I don't think this would make a suitable article, but I would be interested in the views of any of the devs on the claimed vulnerabilities.
>
> 	
> http://www.blackhat.com/presentations/bh-europe-08/Thumann/Presentation/bh-eu-08-thumann.pdf
>
>
> Rock
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>