confermation button by paying money

lately, i see many complaints about avatars losing money when they accept an item from others. it seems that there are scripts that allow money to be transfered without an approval from the avatar. could there be a button to approve of conferm a moneytransfer, every time money is to be payed? in that way grievers can't steal money.

also about the stealing of accounts: changing the password only after accepting this in a e-mail!

also submitted this to the Feature Voting System. If you agree, please vote for it
proposalnr.3353

If I understand it well they just change the default to "Deny" in the payment window... so if you go for accept it is choice you make.

And e-mail is too insecure for handling passwords.

Morwen.

(sorry about my english... difficult to exactly write what i mean)

there ars scripts that take money when you wear an item containing this script. no way to accept of decline this transfer. so my proposel is to add a button to accept or decline an moneytransfer. just an extra step in the payment protocol.

and about the passwordhandling: not changing the password by emial, just confermation to allow the change of the password. almost all systems do this, only SL not. now when someone else has hacked your account, he can change the password without your approval. you only get a mail about the change of the password.

For more details on this script, including its legitimate uses, bad uses, and how to avoid getting burned by it, see this thread:

/327/ed/196876/1.html

to avoid getting burned by it, is for LL to add a button to aprove or deny a transaction: "Are you shure: yes or no"

I don't believe this is true. Requests for PERMISSION_DEBIT always pop-up a dialog with the "Accept" or "Deny" options.

I don't believe this is possible. If you know of an actual example of such a script, then send it to a Linden immediately, as I'm sure they'd take immediate action. Otherwise, I don't believe such a thing exists.

never had this myself, but on a dutch forum several people warned about an avatar offering a gift, after accepting and wearing this gift, some or all of their money was stolen.
And isn't it better to be safe than sorry? we're still talking about money (L$) here, so why not build in a better security.
it's just an extra button: "are you shure? yes or no"

The said scam is very possible and very easy script. Due to the fact that the script requested permission Debit will keep the permission for until it is reset. So, if the scammer give you an object with script that send him money. And somehow, ask you to Accept the permission once, the object can then warppos away with fully permissive script allow them to get as much money from you for as long as the object's live.

This thing probably not work long on small private sims since it's locked within the small area and sim owner can always return all suspicious objects. But in wide open mainland with lots of open water......

I agree with the idea that there should be a list displaying all options with requested debit permission, with an option to turn off the permission (probably result in the object get returned, like canceling of keyboard permission).

As described originally, it is not at all possible.

That's a seperate issue. No less of a pain, but different than described in this thread, which stated that no permission was ever asked.



Yes, I agree that some overhauling of that system is definitely in order, and I think that LL has heard that message loud and clear finally... Or at least, they are willing to accept patches from open-source devs who have heard it

I hope to see improvements to this system someday in the not-to-distant future.

.

Clearly two things are known:

1) Debit permissions are NEVER EVER NOT ONCE IN A BILLION YEARS granted automatically.
2) Said script was able to debit without asking for permission

This leads us to the only logical conclusion:

IT'S AN EXPLOIT, REPORT IT, DUH!