[Opensim-dev] open sim UUID and Passwordhash

Marcio Cardoso marciomaiden at gmail.com
Sun Oct 18 18:18:54 UTC 2009 

Thank's a lot, i solve the problem, when you insert a avatar from a  
stored procedure in mysql, you need to insert more data, not only the  
user name, the password and uuid.


Cumprimentos,
Márcio Cardoso

A 2009/10/17, às 22:34, Rich White escreveu:

> Here is the MySQL UUID function:
>
> http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_uuid
>
>
>
>
> ===
>
> 2009/10/17 Márcio Cardoso <marciomaiden at gmail.com>:
>> Thank you all, the problem of pass is resolved, so now I need to  
>> discover
>> how the uuid of the avatar is generated . anyone have any idea how  
>> this
>> happens?
>>
>> Greetings,
>> Márcio Cardoso
>>
>>
>>
>> A 2009/10/16, às 19:34, Frisby, Adam escreveu:
>>
>> Seconded. There are other weak points which could be more easily  
>> addressed
>> at the current point in time; but I do expect many of those to  
>> finally get
>> ironed out.
>>
>> Adam
>>
>> -----Original Message-----
>>
>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>>
>> bounces at lists.berlios.de] On Behalf Of diva at metaverseink.com
>>
>> Sent: Friday, 16 October 2009 9:22 AM
>>
>> To: opensim-dev at lists.berlios.de
>>
>> Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
>>
>> The usual warning, I'm a broken record:
>>
>> there is very little security in open OpenSim grids right now.
>>
>> Daniel Smith wrote:
>>
>> Not the best place to go over crypto 101, but for those unfamiliar
>>
>> with
>>
>> the insecurity of md5("password") by itself, you owe yourself a visit
>>
>> to
>>
>> some place like http://www.md5crack.com/crackmd5.php.  It'll open
>>
>> your
>>
>> eyes quickly.
>>
>> Try "20ee80e63596799a1543bc9fd88d8878"  -- it's ok, just a rabbit.
>>
>> Not
>>
>> my password.
>>
>> The point that others here are making about salt is pretty valid
>>
>> (incoming IP address + timestamp + username can be a good start).
>>
>> You'll have to store the salt somewhere, because you'll never get the
>>
>> same one again, and you'll need to add it to the users incoming pw to
>>
>> hash again and compare...
>>
>> And +1 to Adam's comment on transmission and storage requirements.
>>
>> Not
>>
>> addressing security 101 will leave you with a site incapable of
>>
>> transmitting anything (or much worse..)
>>
>> Daniel
>>
>> --
>>
>> Daniel Smith - Sonoma County, California
>>
>> http://daniel.org/resume
>>
>>
>> ---------------------------------------------------------------------
>>
>> ---
>>
>> _______________________________________________
>>
>> Opensim-dev mailing list
>>
>> Opensim-dev at lists.berlios.de
>>
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>> _______________________________________________
>>
>> Opensim-dev mailing list
>>
>> Opensim-dev at lists.berlios.de
>>
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>
>>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev

More information about the Opensim-dev mailing list