[Opensim-dev] ConsoleClient -pass option

Jeroen van Veen j.veenvan at gmail.com
Sun Sep 6 12:44:20 UTC 2009 

The new rest console looks very exciting. Still struggling with it. I've read 
a bit through the code, and made some initial docs about it at: 
http://opensimulator.org/wiki/RestConsole

Maybe other people can do some testing as well, and write their findings down. 
I'll try to make a working example in python.

Jeroen

On Friday 04 September 2009 15:05:09 Dickson, Mike (ISS Software) wrote:
> Thanks for the pointer Melanie. No I wasn't aware of it.  I'll have a look.
>
> I'm pretty sure I don't agree however that a simple GET/PUT interface is
> somehow just better than (dated!) XML/RPC (or some other protocol where the
> on the wire data types are actually defined). That's creeping towards a
> religious discussion however so I'll drop it. Having the console
> functionality packages separate like this is the important "feature" IMO.
>
> Mike
>
> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de
> [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Melanie Sent:
> Friday, September 04, 2009 9:59 AM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] ConsoleClient -pass option
>
> Have you ever looked at the REST console? That is precisely what it
> does, it removes the local console, enabling the process to run as a
> daemon, and allows remote connections from a console application.
>
> Only, it doesn't use the (dated) XMLRPC, it uses RESTful requests.
>
> XMLRPC admin is only available in region servers, and is too limited
> a tool even if "beefed up" to ever replace a console.
>
> Melanie
>
> Dickson, Mike (ISS Software) wrote:
> > Right.  That gets around the issue.  BTW, if the server is running SNMP
> > or something that gives access to the process list this problem can leak
> > outside the local machine.  I don't for sure but I'm guessing you could
> > have the same issue in Windows with WMI.
> >
> > IMO, the right answer is to dump the consoles, beef up the XML/RPC admin
> > interface and if desired do a separate "console app" that parses and
> > sends the XML/RPC to the server.  I've been noodling on that but still
> > struggling with a stable config with the new "BUST" architecture.
> >
> > Mike
> >
> > -----Original Message-----
> > From: opensim-dev-bounces at lists.berlios.de
> > [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Dr Scofield
> > Sent: Friday, September 04, 2009 3:19 AM
> > To: opensim-dev at lists.berlios.de
> > Subject: Re: [Opensim-dev] ConsoleClient -pass option
> >
> > Dickson, Mike (ISS Software) wrote:
> >> I'd agree with Dave on this one.  Just a simple long ps listing gets you
> >> the password if its on cleartext on the command line.  At least the file
> >> can be locked down via permissions.  A password on the command line is
> >> pretty much insecure. Might as well not have one.
> >
> > ...unless you rewrite argv (which is standard practise for stuff like
> > that).
> >
> > 	DrS/dirk
> >
> >> Mike
> >>
> >> -----Original Message-----
> >> From: opensim-dev-bounces at lists.berlios.de
> >> [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Melanie Sent:
> >> Thursday, September 03, 2009 10:02 PM
> >> To: opensim-dev at lists.berlios.de
> >> Subject: Re: [Opensim-dev] ConsoleClient -pass option
> >>
> >> It's choosing the lesser evil.
> >>
> >> Melanie
> >>
> >> Dave Coyle wrote:
> >>> On Thursday 03 September 2009 03:00:46 pm  wrote:
> >>>> commit 6b70b5709913e9734f5864560e997b34dfd58b85
> >>>> Author: Justin Clark-Casey (justincc) <jjustincc at googlemail.com>
> >>>> Date:   Thu Sep 3 20:00:18 2009 +0100
> >>>>
> >>>>     * Add extra warning about using -pass in
> >>>> OpenSim.ConsoleClient.ini.example
> >>>>
> >>>> <...>
> >>>>
> >>>> +    ; Please be aware that this is not secure since the password is
> >>>> in the clear +    ; we recommend the use of -pass wherever possible
> >>>>      ;pass = secret
> >>>
> >>> Is the password not also in the clear, visible to any local user who
> >>> does a 'ps', if you use the -pass switch?  Access to
> >>> OpenSim.ConsoleClient.ini can at least be restricted to specific
> >>> user(s).  I don't see how -pass is the lesser of the two evils.
> >>>
> >>> -coyled
> >>>
> >>>
> >>> -----------------------------------------------------------------------
> >>>-
> >>>
> >>> _______________________________________________
> >>> Opensim-dev mailing list
> >>> Opensim-dev at lists.berlios.de
> >>> https://lists.berlios.de/mailman/listinfo/opensim-dev
> >>
> >> _______________________________________________
> >> Opensim-dev mailing list
> >> Opensim-dev at lists.berlios.de
> >> https://lists.berlios.de/mailman/listinfo/opensim-dev
> >> _______________________________________________
> >> Opensim-dev mailing list
> >> Opensim-dev at lists.berlios.de
> >> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev

More information about the Opensim-dev mailing list