[Opensim-dev] Validating IP and Region
Cinder Roxley
cinder at alchemyviewer.org
Sun Jul 23 19:56:25 UTC 2017
On July 23, 2017 at 2:27:34 PM, Haravikk (opensim at haravikk.me) wrote:
After digging around it's starting to look like the answer is a "no" to
this capability at present (do feel free to correct me if that's wrong,
pretty please!) so I'm thinking about what it would take to add it.
There are only really two key features needed to support it however:
*Add an X-OpenSim-Grid header to llHTTPRequest()*
The idea here is to add a new X-OpenSim-Grid header to all llHTTPRequest()
calls, automatically containing the current grid's login URI, nickname and
full name, in a format resembling the following:
X-OpenSim-Grid: http://mygrid.com/login; nick_name=my_grid; name="My Grid"
x-grid-info:// makes a better resource identifier for grids:
https://alchemy.atlassian.net/wiki/pages/viewpage.action?pageId=28737538 The
nick and the name can be easily pulled from get_grid_info/
*Enable Querying of IP and Region Name*
My thinking is that a new request would be supported on a grid's login URI
(if possible); whereby, instead of logging in, the sender queries the grid
about whether a given region name exists with a given IP address or not,
with the server responding either true or false. There should be no viable
risk of exploitation here as the call will only return true if the sender
already knows both a valid IP address and region name; all it can therefore
do is confirm that <region name> is currently provided by a server at <IP
address>.
You can already POST to the grid service to get this information, although
the grid service isn’t always exposed publicly:
http://opensimulator.org/wiki/GridService
Adding this to the login URI seems like the simplest option, but it may not
be the cleanest (is it polluting the login URI to have it handle other
things like this?), however, with the login URI being the primary point of
contact for a grid it seems like the most logical way to do it to me. If
anyone has any other ideas where the query should be performed (and how the
necessary info can be passed to a web-service) please let comment!
Please don’t pollute the endpoint. While it may be convenient, the login
service may not even have access to the grid service and it doesn’t belong
there. The services are tangled up enough as it is. I would think the
Gatekeeper service would be more appropriate, but don’t quote me on that.
Okay, so I just found that there's no way to retrieve a region's UUID in a
script so you can ignore that part; though I had thought it would be a
better way to identify a region (in case a region is renamed).
Also, bear in mind having one, two, five, or one hundred regions with the
same name on the same ip address is perfectly valid in OpenSim.
Though that does raise the separate question; would there be any harm in
making a region's UUID available to scripts and/or sending it as a HTTP
header? It just seems like it would be a good way to handle any region that
is renamed, because as long as the GUID is kept the same then web-services
(and grids) could recognise that it's the same region and treat it
accordingly.
Changing a region’s UUID is as easy as changing its name, and just as easy
to spoof in most cases.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20170723/b316d24f/attachment.html>
More information about the Opensim-dev
mailing list