[Opensim-dev] open sim UUID and Passwordhash
Márcio Cardoso
marciomaiden at gmail.com
Sat Oct 17 21:09:27 UTC 2009
i think i found how to create the uuid
select uuid() into id;
but the problem is that i create the avatar in db but i can't make the
login with the avatar.
Márcio Cardoso
A 2009/10/17, às 21:41, Márcio Cardoso escreveu:
> do you now how i create the uuid in mysql?
>
>
> Cumprimentos,
> Márcio Cardoso
>
> A 2009/10/17, às 21:21, Melanie escreveu:
>
>> It is a random (Type 4) GUID.
>>
>> Melanie
>>
>> Márcio Cardoso wrote:
>>> Thank you all, the problem of pass is resolved, so now I need to
>>> discover how the uuid of the avatar is generated . anyone have any
>>> idea how this happens?
>>>
>>> Greetings,
>>> Márcio Cardoso
>>>
>>>
>>>
>>> A 2009/10/16, às 19:34, Frisby, Adam escreveu:
>>>
>>>> Seconded. There are other weak points which could be more easily
>>>> addressed at the current point in time; but I do expect many of
>>>> those to finally get ironed out.
>>>>
>>>> Adam
>>>>
>>>>> -----Original Message-----
>>>>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>>>>> bounces at lists.berlios.de] On Behalf Of diva at metaverseink.com
>>>>> Sent: Friday, 16 October 2009 9:22 AM
>>>>> To: opensim-dev at lists.berlios.de
>>>>> Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
>>>>>
>>>>> The usual warning, I'm a broken record:
>>>>> there is very little security in open OpenSim grids right now.
>>>>>
>>>>> Daniel Smith wrote:
>>>>>>
>>>>>> Not the best place to go over crypto 101, but for those
>>>>>> unfamiliar
>>>>> with
>>>>>> the insecurity of md5("password") by itself, you owe yourself a
>>>>>> visit
>>>>> to
>>>>>> some place like http://www.md5crack.com/crackmd5.php. It'll open
>>>>> your
>>>>>> eyes quickly.
>>>>>>
>>>>>> Try "20ee80e63596799a1543bc9fd88d8878" -- it's ok, just a
>>>>>> rabbit.
>>>>> Not
>>>>>> my password.
>>>>>>
>>>>>> The point that others here are making about salt is pretty valid
>>>>>> (incoming IP address + timestamp + username can be a good start).
>>>>>> You'll have to store the salt somewhere, because you'll never get
>>>>>> the
>>>>>> same one again, and you'll need to add it to the users incoming
>>>>>> pw
>>>>>> to
>>>>>> hash again and compare...
>>>>>>
>>>>>> And +1 to Adam's comment on transmission and storage
>>>>>> requirements.
>>>>> Not
>>>>>> addressing security 101 will leave you with a site incapable of
>>>>>> transmitting anything (or much worse..)
>>>>>>
>>>>>> Daniel
>>>>>>
>>>>>> --
>>>>>> Daniel Smith - Sonoma County, California
>>>>>> http://daniel.org/resume
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>> ---
>>>>>>
>>>>>> _______________________________________________
>>>>>> Opensim-dev mailing list
>>>>>> Opensim-dev at lists.berlios.de
>>>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>>>> _______________________________________________
>>>>> Opensim-dev mailing list
>>>>> Opensim-dev at lists.berlios.de
>>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>>> _______________________________________________
>>>> Opensim-dev mailing list
>>>> Opensim-dev at lists.berlios.de
>>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Opensim-dev mailing list
>>> Opensim-dev at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20091017/9b3c0333/attachment-0001.html>
More information about the Opensim-dev
mailing list