[Opensim-users] Announcement of inventory tool (MyInventory), mostly of interest to grid operators/grid nauts
Snowcrash Short
snowcrash.short at gmail.com
Mon Nov 19 06:42:09 UTC 2012
Whether to patch an angle of attack is definitely not my decision. If you
and the core team are happy with the users and content creators in open
grids being vulnerable, then I cannot do anything about it.
But ... since standards are good, double ones must be....
best regards
Snowcrash
On Mon, Nov 19, 2012 at 1:27 AM, Diva Canto <diva at metaverseink.com> wrote:
> On 11/18/2012 12:23 PM, Snowcrash Short wrote:
>
>> E.g. the vulnerabilities discussed with Diva. They are a clear example of
>> coders knowingly implementing security safeguards "client side (well
>> simulator side, but in a hypergrid that is pretty much the same)".
>> Fortunately - and to me hard to understand why they haven't - hardening the
>> interfaces somewhat isn't that hard.
>>
>
> Snowcrash,
>
> I strongly suggest that you spend some more studying OpenSim. Your
> assumptions are wrong. The lack of security in the internal services is not
> an overlook; it's intentional.
>
> The grid services are exactly that -- internal grid services. They exist
> with the sole purpose of sharing data among a set of simulators *operated
> by the same entity*. That's what they are designed to do, and nothing else.
> They don't have safeguards because they don't need them under those
> circumstances. They are designed under the assumption that grid operators
> will firewall them, because that's the absolute safest way of protecting
> data. Open grids a-la OSGrid are incurring in a huge risk. Luckily there
> aren't that many, at least not when compared to the total number of grids
> that do the right thing. OSGrid is special -- it's a test grid, and we all
> love it for that, security holes and all.
>
> The Hypergrid services are completely different and separate from the
> internal grid services. They have all sorts of security guards designed for
> the Hypergrid and not for general-purpose access. They are safe for the
> purposes for which the HG has been designed.
>
> If you want grids to place their data on the Internet, you need to provide
> a viable implementation of those services for whatever purposes you have in
> mind. The internal services will not be patched, because they don't need
> security.
>
> Diva
>
>
> ______________________________**_________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/**mailman/listinfo/opensim-users<https://lists.berlios.de/mailman/listinfo/opensim-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-users/attachments/20121119/ff5ee36d/attachment.html>
More information about the Opensim-users
mailing list