[Opensim-users] WG: Opensim-users Digest, Vol 16, Issue 23

Ralf Haifisch ralf at ralf-haifisch.biz
Sun Dec 7 15:06:59 UTC 2008 

Hi Adam,

since i´m into security RL (iso 27001, BSI, PCI, ...) I understand what you
mean.  Anyway, technichly there would be a way - implementing a digital
right management , so rhater the objects know about its rights then to build
a safe case (by server based rights, wich every admin can break) around it.

But that is not what I want to go into, since I think we are in a to earlie
stage and modern DRM concepts have proven to be implementable at later
stages.


To me, there is a big difference between the security "not in place" or "in
place, but broken".  This is more a social thing, like murder is possible
but not allowed.

And that way most people think twice about using copybot for realy illegal
stuff, maybe the use it in a way the personaly judge it´s "ok" - like export
objects they bought (paid for) into another grid.


That as a basis - I would think (at least in grid mode) a admin should not
be given full permission on a regular basis if the creator did decide not to
do so.   I see great advantages in case of griefing and so (did run estates
in SL before) - so maybe i´m even wrong.


But we need to document the behavior in the WIKI, so it´s well know.   And
maybe put a concept like:
- full access for Admins
- only possible after you made a switch/request and a log is written to the
grid´s servers
- operate your daily live not as this admin-avatar

Or something like this....


So, this is no "the dev´s did bad things" nor is it "we need a FBI inside" -
but to implement technique or visible concepts as a basis to get more people
trust in the system and choose opensim instead of the major player  ;-)


Adam: thanks for pointing on that and giving me the possibility to be more
precise.


Cheers
Ralf 


---

To address just a tiny portion of this -
if a script is on a server, then the server admin can get it, it's worth
operating any business assumptions you have with that principle in mind.

There's nothing you can do even theoretically to disallow this from
happening (CIL can be reversed back into C# fairly easily - Reflector for
instance can do it accurately). The only ways to prevent that from happening
is to prevent the script from being copied onto that server - one such way
of doing this might be to run the script remotely. (ala a 'hosted' model)

Regards,

Adam

From: opensim-users-bounces at lists.berlios.de
[mailto:opensim-users-bounces at lists.berlios.de] On Behalf Of Ralf Haifisch
Sent: Sunday, 7 December 2008 3:52 AM
To: opensim-users at lists.berlios.de
Subject: [Opensim-users] Permissions

Dearl all,


Earlier Stefan did start with a Permission page on the wiki:



http://opensimulator.org/wiki/OpenSim:Permissions%28Server%29



and today I run in a situation where I just wanted to know "why" that
happened.  I know, that the permissions will not copy SL 1:1, but it was
somehow strange to me and I couldn?t figure it out by using Stefans page.



I went out to a place where someone was working on a youtoube player. He did
post his code earlier, but did decide for the time work goes on to put the
playlist and script no mod/no trans - but the whole player way a "anyone
copy" object.  I did take a copy.



I did reez it on one of my regions.



And now I have full rights.



I guess by Stefans wikipage, that is because i?m an Administrator at my
regions ?



So, how are the rights to other people ?





And want that be a big showstopper for commercial plans ?   only strictly
commercial regions, where is one company holding the Admin account (you have
to trust them, but nothing new) will avoid this problem.





Cheers

Ralf



Ralf Haifisch in SL and osgrid - visit me:    SL - Great white shark
osgrid - Sharkland regions

******************************

More information about the Opensim-users mailing list