Welcome to the Second Life Forums Archive

Secure XML - Follow Up Question ...

Ipsos Bracken
Registered User
Join date: 24 May 2007
Posts: 4
06-11-2007 06:04
This is a follow-up question with regard to secure XML ( sending via XML RPC for payment )

If I can connect to an object in Second Life and send money what type of security would be in place that would stop "anyone" from contacting that object ( using XML RPC ) and then using it also to send out money as well?

That is to say - using the XML RPC I'm not saying "who I am" - I just have the ID of the object - doesn't that mean that anyone would be able to do the same?

Tks,
TB
Udar Tenjin
Registered User
Join date: 2 Feb 2007
Posts: 5
06-12-2007 12:15
If I am not mistaken, in order to contact a prim "in world", you would need to know the channel UUID on which the prim is listening. This UUID is different from the asset UUID, but just as long.
Taylor Bracken
Registered User
Join date: 26 Apr 2007
Posts: 42
06-15-2007 06:57
Hi Udar and thanks for the reply back. Would that suggest then that XML communication to Second Life objects is a secure way to communicate ( i.e. could someone else call the object from the outside? )

In general - is there a way to confirm that the request is "valid"?

Thanks - TB
Udar Tenjin
Registered User
Join date: 2 Feb 2007
Posts: 5
06-24-2007 13:03
ANYBODY can contact the object in-world, BUT they would need to know
(1) the Channel UUID
(2) what type of data to send to the object so that it makes sense to the object receiving it.

What I mean by (2) is:
you can only send up to three things in your XML-RPC request:
a channel UUID (required), a string and an integer. So, I can send a string "Hello" or an integer with a value "23" or both. Now, if the object in world receives the word "Hello" and the number 23, if it is not programmed to know what to do with that, then the request is useless.

A hacker would have to know what the object expects!

For example: I can program my object to expect the word "UPDATE" and a number 22. Then AND ONLY IF THE WORD IS EXACTLY "UPDATE" I would do something special with that number I received. Otherwise, ignore the request and reply with an error.

Does it make sense?
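
The exact-match check from the last post, extended so the string field also carries a keyed MAC that lets the receiver confirm a request is "valid" even if the channel UUID and the expected word become known. This is an added example, not code from the thread: it models sender and receiver in Python rather than LSL, and the shared secret, field layout and all function names are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: shared out of band, never sent
MAX_SKEW = 60                        # seconds a request stays acceptable
ALLOWED = {"UPDATE"}                 # exact commands the object acts on

def _mac(command, number, ts, nonce, secret=SECRET):
    # The MAC covers the command, the integer field, the timestamp and the nonce.
    msg = f"{command}|{number}|{ts}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def build_request(command, number, ts, nonce, secret=SECRET):
    """Sender side: returns the (string, integer) pair carried by the request."""
    tag = _mac(command, number, ts, nonce, secret)
    return f"{command}|{ts}|{nonce}|{tag}", number

def make_receiver(secret=SECRET):
    """Receiver side: returns a handler that remembers nonces it has accepted."""
    seen = set()  # a real receiver would expire entries older than MAX_SKEW

    def receive(sdata, idata, now):
        parts = sdata.split("|")
        if len(parts) != 4:
            return "ERROR malformed"
        command, ts, nonce, tag = parts
        if command not in ALLOWED:          # the thread's exact-match rule
            return "ERROR unknown command"
        if not ts.isdecimal() or abs(now - int(ts)) > MAX_SKEW:
            return "ERROR stale"
        expected = _mac(command, idata, ts, nonce, secret)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return "ERROR bad mac"          # wrong secret or altered fields
        if nonce in seen:
            return "ERROR replay"           # a captured request was sent again
        seen.add(nonce)
        return f"OK {command} {idata}"

    return receive

if __name__ == "__main__":
    rx = make_receiver()
    sdata, idata = build_request("UPDATE", 22, 1000, "n1")  # constructed values
    print(rx(sdata, idata, 1010))   # accepted
    print(rx(sdata, idata, 1011))   # same request again
    print(rx(sdata, 23, 1010))      # integer changed after signing
```
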