<div dir="ltr">Hey, <div><br></div><div> I have a few grid based apps that are designed to work across grids. Since I ran into several issues involving differences with in the grid.</div><div>  1> IP's can be dynamic. I ran int o a few grids where the region IP;s would change from time to time. Setting a callback on each grid was out of the question. No all grid expose there grid service to the wilds of the internet. And getting a grid operator to run a web script for you is very hard task. </div><div> 2> Not all grid run the same script engines or landscape. Meaning, not all features available to use like groups.</div><div><br></div><div> So what I did was set up a register script. This script has an hash/password and creates an access key, registers the object with your external service. This is also where I  register the URI for the http server if available. And we pass back a token to use for the next 48 hours or reset to use on any further transactions. Why ~48 Hours? Well this is when the URL seams to expire and need to be refresh.   </div><div><br></div><div> I practice, I have a grid hash and a user hash I use. The Grid hash is for identifying the grid where it being sourced at, and the user hash is the one that get assigned to the creator/owner of the scripts running. This is still not perfect, you could spoof some items. </div><div><br></div><div> Problem with open sim the scripts are readable to who ever has the permissions too  And they come easy, unless the grid imposing this level of security and limit it to only the fewest to use,  all can be open to everyone.  </div><div><br></div><div> So what I suggestion is not a solution to linking ip to region UUID but to set up a username/password for your apps :)</div><div><br></div><div>  What you can do is, set up an external web script that access the region database file pole to see if the ip/region name is valid.   </div><div><br></div><div>david</div><div> </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jul 23, 2017 at 3:56 PM, Cinder Roxley <span dir="ltr"><<a href="mailto:cinder@alchemyviewer.org" target="_blank">cinder@alchemyviewer.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word;line-break:after-white-space"><span class=""><div id="m_2019267042324584984bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">On July 23, 2017 at 2:27:34 PM, Haravikk (<a href="mailto:opensim@haravikk.me" target="_blank">opensim@haravikk.me</a>) wrote:</div> <blockquote type="cite" class="m_2019267042324584984clean_bq"><span><div style="word-wrap:break-word"><div></div><div>
<div>After digging around it's starting to look like the
answer is a "no" to this capability at present (do feel free to
correct me if that's wrong, pretty please!) so I'm thinking about
what it would take to add it.</div>
<div><br></div>
<div>There are only really two key features needed to
support it however:</div>
<div><b><br></b></div>
<div style="text-align:center"><b>Add an
X-OpenSim-Grid header to llHTTPRequest()</b></div>
<div style="text-align:center"><b><br></b></div>
<div>The idea here is to add a new X-OpenSim-Grid header
to all llHTTPRequest() calls, automatically containing the current
grid's login URI, nickname and full name, in a format resembling
the following:</div>
<div><br></div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div><span style="font-family:Monaco">X-OpenSim-Grid: <a href="http://mygrid.com/login" target="_blank">http://mygrid.com/login</a>; nick_name=my_grid; name="My
Grid"</span></div></blockquote></div></div></span></blockquote><div><br></div></span><div>x-grid-info:// makes a better resource identifier for grids:Â <a href="https://alchemy.atlassian.net/wiki/pages/viewpage.action?pageId=28737538" target="_blank">https://alchemy.<wbr>atlassian.net/wiki/pages/<wbr>viewpage.action?pageId=<wbr>28737538</a>Â The nick and the name can be easily pulled from get_grid_info/</div><span class=""><br><blockquote type="cite" class="m_2019267042324584984clean_bq"><span><div style="word-wrap:break-word">
<div style="text-align:center"><b>Enable
Querying of IP and Region Name</b></div>
<div style="text-align:left"><b><br></b></div>
<div>
<div>My thinking is that a new request would be supported
on a grid's login URI (if possible); whereby, instead of logging
in, the sender queries the grid about whether a given region name
exists with a given IP address or not, with the server responding
either true or false. There should be no viable risk of
exploitation here as the call will only return true if the sender
already knows both a valid IP address and region name; all it can
therefore do is confirm that <region name> is currently
provided by a server at <IP address>.</div></div></div></span></blockquote><div><br></div></span><div>You can already POST to the grid service to get this information, although the grid service isn’t always exposed publicly: <a href="http://opensimulator.org/wiki/GridService" target="_blank">http://opensimulator.org/wiki/<wbr>GridService</a> </div><span class=""><br><div><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><div>Adding this to the login URI seems like the simplest option, but it may not be the cleanest (is it polluting the login URI to have it handle other things like this?), however, with the login URI being the primary point of contact for a grid it seems like the most logical way to do it to me. If anyone has any other ideas where the query should be performed (and how the necessary info can be passed to a web-service) please let comment!</div></div></span></blockquote></div></span><p>Please don’t pollute the endpoint. While it may be convenient, the login service may not even have access to the grid service and it doesn’t belong there. The services are tangled up enough as it is. I would think the Gatekeeper service would be more appropriate, but don’t quote me on that.</p><div><span class=""><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><div><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><div><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><div><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><blockquote type="cite"><div><div style="word-wrap:break-word;line-break:after-white-space"><div>Okay, so I just found that there's no way to retrieve a region's UUID in a script so you can ignore that part; though I had thought it would be a better way to identify a region (in case a region is renamed).</div></div></div></blockquote></div></span></blockquote></div></div></span></blockquote></div></div></span></blockquote></div></div></span></blockquote><div><br></div></span><div>Also, bear in mind having one, two, five, or one hundred regions with the same name on the same ip address is perfectly valid in OpenSim.</div><span class=""><br><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><div><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><div><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><div><blockquote type="cite" class="m_2019267042324584984clean_bq" style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span><div style="word-wrap:break-word;line-break:after-white-space"><blockquote type="cite"><div><div style="word-wrap:break-word;line-break:after-white-space"><div>Though that does raise the separate question; would there be any harm in making a region's UUID available to scripts and/or sending it as a HTTP header? It just seems like it would be a good way to handle any region that is renamed, because as long as the GUID is kept the same then web-services (and grids) could recognise that it's the same region and treat it accordingly.</div></div></div></blockquote></div></span></blockquote></div></div></span></blockquote></div></div></span></blockquote></div></div></span></blockquote><div><br></div></span><div>Changing a region’s UUID is as easy as changing its name, and just as easy to spoof in most cases.</div><br></div></div>
<br>______________________________<wbr>_________________<br>
Opensim-dev mailing list<br>
<a href="mailto:Opensim-dev@opensimulator.org">Opensim-dev@opensimulator.org</a><br>
<a href="http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev" rel="noreferrer" target="_blank">http://opensimulator.org/cgi-<wbr>bin/mailman/listinfo/opensim-<wbr>dev</a><br>
<br></blockquote></div><br></div>