This is a really easy, really basic way of securing objects chat. Basicly just stops the more basic users from messing something up >.>
https://wiki.secondlife.com/wiki/User:Jana_Kamachi/Simple
These forums are CLOSED. Please visit the new forums HERE
[Source Code]Simple Secure |
|
|
Jana Kamachi
Registered User
Join date: 19 Apr 2007
Posts: 111
|
11-19-2007 23:24
This is a really easy, really basic way of securing objects chat. Basicly just stops the more basic users from messing something up >.>
https://wiki.secondlife.com/wiki/User:Jana_Kamachi/Simple |
|
Kidd Krasner
Registered User
Join date: 1 Jan 2007
Posts: 1,938
|
11-20-2007 08:46
It's not even close to being secure. Keeping out only naive crackers creates a false sense of security, which is worse than no security at all.
In many cases, checking the owner is enough. In other cases, use MD5 with a shared secret, timestamp and object keys. Never use channel 0 for this type of communication. Never, ever. There's no excuse in this case. Learn to use llOwnerSay instead of llSay. |
|
Jana Kamachi
Registered User
Join date: 19 Apr 2007
Posts: 111
|
11-20-2007 10:03
People again assume this is a working script. no. its an idea. My own items use a 128-bit hash and a generated key from my webserver. Obviously you wouldn't use 0, why do you think its a variable? Its just an example of stopping some noob doing what happened to FP, and just saying a value on a channel to change their alingment.
|
|
Meade Paravane
Hedgehog
Join date: 21 Nov 2006
Posts: 4,845
|
11-20-2007 10:32
People again assume this is a working script. no. its an idea.. /me looks for some previous mention (or even an implication) that this is not a working script. _____________________
Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!!
- Go here: http://jira.secondlife.com/browse/SVC-1224 - If you see "if you were logged in.." on the left, click it and log in - Click the "Vote for it" link on the left |
|
Jana Kamachi
Registered User
Join date: 19 Apr 2007
Posts: 111
|
11-20-2007 11:00
None of my scripts are commplete examples, its why I post them under snippets on my page >.>
|
|
Kidd Krasner
Registered User
Join date: 1 Jan 2007
Posts: 1,938
|
11-21-2007 10:23
People again assume this is a working script. no. its an idea. My own items use a 128-bit hash and a generated key from my webserver. Obviously you wouldn't use 0, why do you think its a variable? Its just an example of stopping some noob doing what happened to FP, and just saying a value on a channel to change their alingment. If it's so obviously wrong, why did you use it? Look, people learn from examples. It's a fast and easy way to get up to speed, but by itself, it's a poor way to learn. It bypases issues and concepts. Still, many people do it anyway, so if you're going to publish examples to help people, it's important that they be well written. Furthermore, you have absolutely no control over who reads the example, you can't assume they have some minimum level of understanding, so there's no way to be sure that it would be obvious to the reader. If you really want to avoid the issue of selecting channels, then don't bother with the declaration at all. People will either know what to do, or go elsewhere to figure it out, but at least they won't get the idea from you that channel 0 is a plausible choice. Better yet, just write it as CHANNEL = <insert some reasonable channel here>; so the reader knows what needs to be done, even if they don't know how. Now let's back up a bit. If this is just an idea, why is it written as code, not even pseudo-code? Code is for expressing implementations, not ideas. This gets back to my point that examples alone aren't good for explaining concepts, just for illustrating them. Unfortunately, one of the reasons that people to turn examples is that there's inadequate documentation, and that happens because programmers just find it more fun to write code than prose. But in this case, it's pretty easy to describe the concept: Embed a shared secret key within both scripts, use the secret key and a timestamp to calculate a new value in a way that can be reversed (e.g., adding the key to the timestamp), and send that. The listener can undo it to be verify that the sender knows the secret key, after allowing for a small amount of time passing. The timestamp prevents people from reusing the same handshake. This isn't cryptographically secure, and shouldn't be used for anything involving money, property, or security, but it's fine for many game situations where there's little motivation to put effort into cheating the game. Same idea, no code, and anyone who knows not to use channel 0 for inter-object communication is likely capable of figuring out how to code this. |