<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">unless there have been profound recent
changes in the OS services connectors structure that i've failed
to notice (which is QUITE possible), all end-user accessibility is
handled by port 8002 and the rest (connection services) is
governed by port 8003 (in a standard ROBUST based grid setup).
therefore, placing :8003 behind your firewall (thus preventing
'unauthorized' outside users from attaching to your grid services)
should not interfere with public/open access via viewers on :8002
which would remain outside the firewall. afaik, this is the only
reliable and in my experience completely effective solution to the
problem.<br>
<br>
i also believe the security key function was removed by consensus
as it didn't provide any hardcore security.<br>
<br>
hope this helps and is remotely correct in its technical
assumptions - or at least follows the path your concerns and
argument were headed...<br>
<br>
- core<br>
<br>
On 10/7/2012 11:50 AM, Tom Haines wrote:<br>
</div>
<blockquote
cite="mid:CAJCW53vLjMGoJ1ArVp_pjz2F9vaGCqBMFJxw2qAGOMcssrSHxQ@mail.gmail.com"
type="cite">I disagree that this should not be considered a
concern. Under this security model, anyone with the information to
connect to the grid as a user has enough information to connect a
region to the grid.
<div><br>
</div>
<div>I am concerned with this as an operator of an educational
grid. We offer our services to students and educators with the
understanding that we can limit the objectionable content they
would be exposed to in SL or other public OpenSim grids.
Obviously if anyone can connect their own regions without
authorization from the grid operators, our ability to offer this
service is compromised.</div>
<div><br>
</div>
<div>I know there were pass keys used in the past to authenticate
regions, but I believe this functionality has been removed. I
haven't seen anything on the website regarding this. I've read
before that firewalls are the best defense, but this is
untenable, since our usage requirements demand controlled access
by region operators, but open access to end users from
heterogeneous network environments. </div>
<div><br>
</div>
<div>Could someone weigh in with the official line on this?<br>
<br>
On Sunday, October 7, 2012, Fleep Tuque wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Josh,
<div><br>
</div>
<div>As far as I know, in order to connect a region to your
grid, someone would need to know all the connection details
and unless you provide that information, I'm not sure how
anyone would know how to or be able to connect to your grid.
FleepGrid has been running for nearly 2 years and I've
never seen any attempts to connect a rogue region as far as
I know, so I'm not sure it's much of a concern.</div>
<div><br>
</div>
<div>I'll let someone with more knowledge of the possible
configuration options address any .ini settings that you
might be able to use to disable region connections, but if
this is a security issue or problem, it's the first I've
heard of it.</div>
<div><br>
</div>
<div>Sincerely,</div>
<div><br>
</div>
<div>- Chris/Fleep</div>
<div><br>
</div>
<div>Chris M. Collins (SL/OS: Fleep Tuque)</div>
<div>Center for Simulations &amp; Virtual Environments
Research (UCSIM)</div>
<div>
UCIT Instructional &amp; Research Computing</div>
<div>University of Cincinnati</div>
<div>406A Zimmer Hall</div>
<div>315 College Drive</div>
<div>PO BOX 210088</div>
<div>Cincinnati, OH 45221-0088</div>
<div><a moz-do-not-send="true" href="javascript:_e({}, 'cvml',
'chris.collins@uc.edu');" target="_blank">chris.collins@uc.edu</a></div>
<div>(513) 556-3018</div>
<div><br>
</div>
<div><a moz-do-not-send="true" href="http://ucsim.uc.edu"
target="_blank">http://ucsim.uc.edu</a><br>
<br>
<div class="gmail_quote">On Sun, Oct 7, 2012 at 9:52 AM,
Joshua Rubeck <span dir="ltr">&lt;<a
moz-do-not-send="true" href="javascript:_e({}, 'cvml',
'jrubeck1989@gmail.com');" target="_blank">jrubeck1989@gmail.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Okay
so here is a question for everyone. Myself and a few
others are setting up a grid for public use, but we do
not want other people to be able to connect their
regions on a home based computer to our grid. One of my
friends remembers that there used to be a setting that
would prevent an opensimulator instance from connecting
to robust without authentication but I cannot find that
in the configuration files. Is there a configuration
that allows us to run a public grid without other people
being able to connect their regions to our grid?
<br>
_______________________________________________<br>
Opensim-users mailing list<br>
<a moz-do-not-send="true" href="javascript:_e({},
'cvml', 'Opensim-users@lists.berlios.de');"
target="_blank">Opensim-users@lists.berlios.de</a><br>
<a moz-do-not-send="true"
href="https://lists.berlios.de/mailman/listinfo/opensim-users"
target="_blank">https://lists.berlios.de/mailman/listinfo/opensim-users</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</blockquote>
<br>
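<div>An added example, not part of the original thread: a small check a grid operator can run from a machine outside the firewall to confirm the port split described in the top reply (8002 reachable, 8003 filtered). The port roles are taken from that reply as stated; the host name <code>grid.example.org</code> is a placeholder.</div>

```python
import socket

# Policy taken from the reply above: 8002 is the viewer-facing port and stays
# public; 8003 carries grid (region-to-ROBUST) services and should be filtered.
# These roles are the poster's description, assumed here and not verified.
EXPECTED = {8002: "open", 8003: "blocked"}


def probe(host, port, timeout=2.0):
    """Return "open" if a TCP connection succeeds, otherwise "blocked"."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:
        # Refused, timed out (silently dropped) or unreachable: not exposed.
        return "blocked"


def audit(host, expected=None, timeout=2.0):
    """Compare observed reachability with the policy; return the mismatches."""
    policy = EXPECTED if expected is None else expected
    findings = []
    for port, want in sorted(policy.items()):
        seen = probe(host, port, timeout)
        if seen != want:
            findings.append((port, want, seen))
    return findings


if __name__ == "__main__":
    import sys
    # grid.example.org is a placeholder; pass your own grid host as argument 1.
    host = sys.argv[1] if len(sys.argv) == 2 else "grid.example.org"
    problems = audit(host)
    for port, want, seen in problems:
        print(f"{host}:{port} expected {want}, observed {seen}")
    sys.exit(1 if problems else 0)
```

<div>Run it again from an authorized region host with the policy <code>{8003: "open"}</code> to confirm the firewall still admits the region servers it is supposed to.</div>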
</body>
</html>