[Opensim-users] Announcement of inventory tool (MyInventory), mostly of interest to grid operators/grid nauts
Diva Canto
diva at metaverseink.com
Mon Nov 19 00:27:03 UTC 2012
On 11/18/2012 12:23 PM, Snowcrash Short wrote:
> E.g. the vulnerabilities discussed with Diva. They are a clear example
> of coders knowingly implementing security safeguards "client side
> (well simulator side, but in a hypergrid that is pretty much the
> same)". Fortunately - and to me hard to understand why they haven't -
> hardening the interfaces somewhat isn't that hard.
Snowcrash,
I strongly suggest that you spend some more studying OpenSim. Your
assumptions are wrong. The lack of security in the internal services is
not an overlook; it's intentional.
The grid services are exactly that -- internal grid services. They exist
with the sole purpose of sharing data among a set of simulators
*operated by the same entity*. That's what they are designed to do, and
nothing else. They don't have safeguards because they don't need them
under those circumstances. They are designed under the assumption that
grid operators will firewall them, because that's the absolute safest
way of protecting data. Open grids a-la OSGrid are incurring in a huge
risk. Luckily there aren't that many, at least not when compared to the
total number of grids that do the right thing. OSGrid is special -- it's
a test grid, and we all love it for that, security holes and all.
The Hypergrid services are completely different and separate from the
internal grid services. They have all sorts of security guards designed
for the Hypergrid and not for general-purpose access. They are safe for
the purposes for which the HG has been designed.
If you want grids to place their data on the Internet, you need to
provide a viable implementation of those services for whatever purposes
you have in mind. The internal services will not be patched, because
they don't need security.
Diva
More information about the Opensim-users
mailing list