[Opensim-users] Announcement of inventory tool (MyInventory), mostly of interest to grid operators/grid nauts
Diva Canto
diva at metaverseink.com
Fri Nov 16 13:14:15 UTC 2012
On 11/15/2012 11:34 PM, Snowcrash Short wrote:
> I'm not terribly familiar with the terminology used by the core, to
> somebody with my intelligence or lack thereof the number of interfaces
> and their differences are a bit bewildering (but hey, my code is
> bewildering too). The webservices I rely on can be found in the config
> files under [AssetService] and [InventoryService]. E.g.
> AssetServerURI = "http://assets.osgrid.org"
> InventoryServerURI = "http://inventory.osgrid.org"
This would be a really bad idea, and I'll be the first to discourage
grid operators from doing this. You're basically asking grid operators
to place their internal inventory services on the Internet, which would
put inventories at risk. Wiping out entire inventories would be trivial.
(Yes, osgrid does this, but that's because it has no choice, given its
purpose and configuration)
These services are designed to be called by the simulators *only*. They
are devoid of any security or permissions checks *whatsoever*. They're
basically just getters/setters for the database. That's on purpose; in a
system like what we have at hand, the simulators are the ones doing the
security / permissions checks, so doing them again in the backend
[internal] services would be redundant.
That's why we have been designing other services on top of the database,
the HG services, which toughen security. So pointing this to the HG
services might make sense. You'll find those configs in the HG versions
of the configuration files under the [LoginService] section.
More information about the Opensim-users
mailing list