Free Vendors "Hacker Friendly?"

Dragger Lok
Join date: 10 Sep 2006
Posts: 228
09-09-2007 09:54
Before I start playing with free vendors, how safe are they from hackers? Would take all the joy out of the time invested real fast.
Shadow Subagja
Registered User
Join date: 29 Apr 2007
Posts: 354
09-09-2007 10:02
I don't think there is a hard and fast rule about free scripts. They range from horribly written musings intended as discussion and learning tools to artfully crafted commercial grade tools that were just so good the author had to share them. And everything in between.
Chaz Longstaff
Registered User
Join date: 11 Oct 2006
Posts: 685
09-09-2007 10:20
If you're just planning on running a biz for fun, or maybe even at a loss, and don't plan to be making much stuff and so have the time for tinkering with the vendors instead, why not just go for the free stuff?
Lear Cale
wordy bugger
Join date: 22 Aug 2007
Posts: 3,569
09-09-2007 10:24
The ones posted in public forums are the best bet, since folks have had a chance to look at them and criticize.
Max Pitre
Registered User
Join date: 19 Jul 2006
Posts: 370
09-09-2007 14:22
Used to use the free ones but now that I have the JEVN system I am much happier. I now don't see how I even used the free ones, not that they weren't any good but they are what they are...free.
Chaz Longstaff
Registered User
Join date: 11 Oct 2006
Posts: 685
09-09-2007 14:27
Yeah, I looked at the freebies too, but I figured, look, any time I have needs to go to the biz, not supporting the toys that are supposed to be supporting me. So I went with JEVN too. That way, JEVN is supporting my servers, and I get to get on with the core activities of my biz.
Dragger Lok
Join date: 10 Sep 2006
Posts: 228
"Hacker Friendly"
09-10-2007 04:12
Thanks all for the comments, but what I wanted to find out from a scripting perspective: are the free vendors safe from financial hacking? Are they easily compromised?
Zephy Toshihiko
Registered User
Join date: 3 Dec 2006
Posts: 12
09-10-2007 06:02
I have used a free one from 'Drifting thoughts' (at Therianation) for a long time with no issues. If you go with a reputable one you should be okay. From a hacker point of view, if the vendor is not 'dodgy' then hackers would try and intercept messages from the script I guess, so as long as it doesn't do that probably okay.
Auron Reardon
Registered User
Join date: 30 Jun 2006
Posts: 41
09-10-2007 06:13
>>what I wanted to find out from a scripting perspective, are the free vendors safe from financial hacking>>

Dragger, as Shadow pointed out in the first reply, there is no way to answer your question - it is too broad. One script might be easily compromised while another cannot.

Take one of the scripts that you want to use and post it here. Then people can specifically tell how strong that script is.
Paulo Dielli
Symfurny Furniture
Join date: 19 Jan 2007
Posts: 780
09-10-2007 07:03
I am using the free holovendor from Hiro ... (don't know last name now) and have had no security issues whatsoever. It's a little awkward when you set it up for the first time and the vendor asks if it can take money from you. But it's safe and a great gift from Hiro for the community.
Kenn Nilsson
AeonVox
Join date: 24 May 2005
Posts: 897
09-10-2007 07:12
From: Paulo Dielli
I am using the free holovendor from Hiro ... (don't know last name now)


Hiro Pendragon is the name I believe. His free vendors are popular and solid.
_____________________
--AeonVox--

Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms chasing ghosts, eating magic pills, and listening to repetitive, addictive, electronic music.
Bloodsong Termagant
Manic Artist
Join date: 22 Jan 2007
Posts: 615
09-10-2007 07:41
heyas;

i would say, in general, they are NOT 'hacker friendly.' meaning, there's not really a way anyone else can get into them and steal anything from them.

basically, they're all pretty straightforward. they set pay prices, they accept money, they deliver stuff from their inventory upon the money event. they don't use much in the way of link messages (except maybe a few button scripts), which doesn't even apply, because you're not giving people your vendors. (so they can't attach link message listeners, for example.)

none that i have ever seen use any whisper/say/shout channels to send any information whatsoever, so those cannot be snooped, and hackers couldn't make a device to say "/358 give me a blue light special" or whatever to get free items or money.

the worst a hacker/scammer can do is put a transparent object over your vendor that accepts money, and people think they are paying your machine.


i have used yiffy yaffle's hibrid vendor, and the svn vendor. if you're looking for quick startup, the hibrid is easy to customize. if you're looking for more features, then svn is loaded.


there is one vendor exploit you want to watch out for. i will not post it publicly, because it is quite easy to use. (you can im me.) in regard to this exploit, i think the svn vendor is more prepared. (but then again, i've customized the hibrid one so much, maybe i took it out when i was an ignorant callow youth....)

also make sure your vendor uses the 'pay hide' method, which produces one pay (or cancel) button of the proper price, and doesn't allow the user to input any old number they bloody well feel like.

if you are uncomfortable using a vendor that asks to debit your account, then don't. i'm not a major mogul, but i don't allow anything to debit my account, and i haven't had any difficulties yet. (knock on wood.)
_____________________
Why Johnny Can't Rotate:
http://forums.secondlife.com/showthread.php?t=94705
Lemieux Primeau
Registered User
Join date: 25 Oct 2006
Posts: 49
09-10-2007 08:08
>>...none that i have ever seen use any whisper/say/shout channels to send any information...>>

Yes, the key thing to look for is whether the script is using chat, linked messages, llDialogs or any other communication functions for configuration outside of the script itself. If, for example, prices are set by hardcoding them directly into the script as opposed to saying them on a chat channel, it is more secure.

Then there are a lot of business logic design issues too. As Bloodsong mentions, not having the pay text box visible is important assuming you are requiring a certain price for something (as opposed to letting the buyer enter anything they want). If the script is designed to let the buyer enter whatever they want, how well does the script validate the amount against the product selected? How solid is the code that handles overpayments and refunds?

Again, this is all about evaluating a particular script. It can't be determined based on whether you paid for the script or not.
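
A minimal single-item vendor showing the checks raised in the replies above (hardcoded price, pay-hide button, amount re-validated in the money event, refund handling), as an added example that is not part of the original thread and not taken from any vendor named in it. The item name and price are hypothetical.

```lsl
// Added example (constructed): hardened single-item vendor.
integer PRICE = 100;           // L$ price, hardcoded: not settable via chat, dialogs or link messages
string  ITEM  = "Blue Light";  // hypothetical name of the item in the vendor's inventory
integer canRefund = FALSE;     // TRUE only if the owner granted PERMISSION_DEBIT

default
{
    state_entry()
    {
        // "Pay hide": no free-text amount box, one button showing exactly PRICE.
        llSetPayPrice(PAY_HIDE, [PRICE, PAY_HIDE, PAY_HIDE, PAY_HIDE]);
        // Debit permission is used only for refunds; the owner may decline it.
        llRequestPermissions(llGetOwner(), PERMISSION_DEBIT);
    }

    run_time_permissions(integer perm)
    {
        canRefund = ((perm & PERMISSION_DEBIT) != 0);
    }

    on_rez(integer start)
    {
        llResetScript();       // re-apply pay settings on every rez
    }

    changed(integer change)
    {
        if (change & CHANGED_OWNER) llResetScript();
    }

    money(key buyer, integer amount)
    {
        // Do not rely on the pay dialog alone: re-check amount and stock here.
        if (amount == PRICE && llGetInventoryType(ITEM) != INVENTORY_NONE)
        {
            llGiveInventory(buyer, ITEM);
            return;
        }
        // Wrong amount or missing item: deliver nothing, return the full payment.
        if (canRefund)
            llGiveMoney(buyer, amount);
        else
            llInstantMessage(llGetOwner(), "Manual refund needed: L$"
                + (string)amount + " from " + (string)buyer);
    }
}
```

The script has no `listen` or `link_message` handlers, so nothing outside the script can change the price or trigger a delivery; when reviewing a free vendor, those handlers and any `llGiveMoney` call are the places to read first.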
Dragger Lok
Join date: 10 Sep 2006
Posts: 228
Excellent &TY
09-10-2007 14:29
Thanks all, just the feedback I was looking for.