[Opensim-users] Banning "bad" viewers was Re: Can this be done?
Marcus Llewellyn
marcus.llewellyn at gmail.com
Thu Jan 14 16:15:28 UTC 2010
Okay, it's quite possible I'm mistaken, but my understanding was that the
-channel command line parameter on the viewer allows a user to represent
themselves as pretty much any other viewer. If I'm incorrect, then the rest
of this message is to be disregarded. :P
Putting aside whether or not viewer string filtering has merit or not, it
seems to me that if one must use this approach, then mandating use of the
official vanilla viewer (or indeed, any current variant I know of) is *not*
the way to go. You would want one that did not acknowledge the -channel
parameter at all. And you wouldn't stop there.
In fact, since using any viewer to spoof the viewer string is no more
difficult then changing the shortcut to connect to a different grid. This
isn't even obscure... really it's not. Most grids have a "How to connect"
page, and it doesn't take a mental giant to figure out how to add other
parameters to what's on there. No coding skills are required.
To attempt security by obscurity (if we define coding skills as a
prerequisite for defeating it) you will really have to maintain your own
version of the viewer. One that ignores a -channel parameter, and probably
one that goes the extra step of sending at least one other string that the
server expects to intercept for a successful login. And if you're gonna do
that, why not go whole hog and make the client exchange keys to authenticate
itself?
Sounds like a hassle to me. Wouldn't it simply be easier to make your grid
invitation only or something?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-users/attachments/20100114/4ec4f748/attachment.html>
More information about the Opensim-users
mailing list