Eata Kitty
Registered User
Join date: 21 Jan 2005
Posts: 387
|
09-08-2005 08:18
I'm currently using some fairly complicated email authentication and I'm wondering if it might all be redundant depending on how secure internal email is (Shouldn't leave SL, Internal object <-> Internal Object).
If it's as hard to get your hands on the contents of an email as it would be to read a script (Assuming there are no more exploits) then a standard strong password known to both scripts should be sufficient to prevent people guessing the commands and would save a lot of script work.
|
Cid Jacobs
Theoretical Meteorologist
Join date: 18 Jul 2004
Posts: 4,304
|
09-08-2005 08:34
From: Eata Kitty
I'm currently using some fairly complicated email authentication and I'm wondering if it might all be redundant depending on how secure internal email is (Shouldn't leave SL, Internal object <-> Internal Object).
If it's as hard to get your hands on the contents of an email as it would be to read a script (Assuming there are no more exploits) then a standard strong password known to both scripts should be sufficient to prevent people guessing the commands and would save a lot of script work.

Pretty secure I would say. It is always good to use llBase64ToString, llXorBase64ToString for encryption. And if you are able to, use something non static as your password or encryption key. Like the minute of the day, the hour, month, whatever. In a worst case scenario if you used no encryption at all, I could place a script in an object communicating with your other object and grab the email and extract any return information from it, then I would be able to email the other one with false emails or use it to alter your desired results in some way or another. And remember, there is nothing wrong with being redundant. Anyway this is just my 2 cents.
|
a lost user
Join date: ?
Posts: ?
|
09-08-2005 13:37
From: someone
I could place a script in an object communicating with your other object

You mean a separate object? Or the actual object that already exists and is communicating with the "server"? I thought that would have only been possible if you had Mod rights or if the object allowed inventory drop? You could drop a sensor next to the emailing object and grab its key, then send a false email to it and attempt to get it to return you an email and so on, or send mass emails to it so its queue is full all the time, DOS attack... but I don't see how you could, without permissions, infiltrate the existing line of communication "in-game". It seems secure enough to me.. but if you are transferring extremely private and volatile information, such as information used, sent and stored by an ATM for example.. you should be using an external server anyway.
|
Keknehv Psaltery
Hacker
Join date: 11 Apr 2005
Posts: 1,185
|
09-08-2005 15:42
The ROAM system has mod permissions, so you can put in listeners. Other examples exist, I'm sure.
Emails can be read by any script in the object, so encryption might be a good idea... but nothing overly fancy is needed.
|
Cid Jacobs
Theoretical Meteorologist
Join date: 18 Jul 2004
Posts: 4,304
|
09-08-2005 16:42
From: Gaz Hornpipe
You mean a separate object? Or the actual object that already exists and is communicating with the "server"? I thought that would have only been possible if you had Mod rights or if the object allowed inventory drop?

Well I was assuming if the object was to be given to another person, like I said worst case scenario.
|
Eata Kitty
Registered User
Join date: 21 Jan 2005
Posts: 387
|
09-09-2005 02:24
Basically it's a network vendor that's meant to run entirely by email. Because you can't drop inventory into an object outside the sim it needs to hand direct to the avatar, so if you worked out the authorisation you could make it dispense items (Although that would be really unwise as both the client vendors and inventory manager would email to the owner every sale leaving a paper trail behind).
As only the owner would be able to add scripts to the object it sounds like it should be fine to use.
Interesting about ROAM. I didn't think any of the stuff you could do with SL would produce anything that couldn't be worked out in a few days.
|
Cid Jacobs
Theoretical Meteorologist
Join date: 18 Jul 2004
Posts: 4,304
|
09-09-2005 02:35
From: Eata Kitty
Basically it's a network vendor that's meant to run entirely by email.

That's what I figured. You should be pretty safe with everything though. Just a bit of encryption, and like I said a non static decryption key would be nice, and you should be able to do this very safely. Also they would need to find your server to start sending emails to it, so your best bet may be a big cube around it. Best of luck and if you need any help with it don't be afraid to look me up in world.
|
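An added example, not code from any poster in this thread: the time-varying key idea discussed above, done as a keyed SHA-1 tag over the command and a timestamp instead of XOR encryption, so the receiving object can reject forged, altered or replayed emails. SECRET, WINDOW, the "cmd" subject and the function names are assumptions made for the illustration.

```lsl
// Added example; SECRET is a constructed placeholder, names are hypothetical.
// Simplification: one sender per receiver, so timestamps only move forward.
string  SECRET = "replace-with-a-long-random-string";
integer WINDOW = 120;   // seconds a signed command stays valid
integer lastStamp = 0;  // newest timestamp accepted so far (replay guard)

// Nested keyed hash over time and command: no valid tag without SECRET.
string tag(string cmd, integer stamp)
{
    string inner = llSHA1String(SECRET + "|" + (string)stamp + "|" + cmd);
    return llSHA1String(SECRET + inner);
}

// Sender side: the body is "stamp|tag|cmd". llEmail sleeps the script for 20 seconds.
sendCommand(key dest, string cmd)
{
    integer now = llGetUnixTime();
    llEmail((string)dest + "@lsl.secondlife.com", "cmd",
            (string)now + "|" + tag(cmd, now) + "|" + cmd);
}

// Receiver side: returns the command if it is authentic and fresh, otherwise "".
string verify(string body)
{
    // Object-to-object mail starts with a header block followed by a blank line.
    integer cut = llSubStringIndex(body, "\n\n");
    if (cut != -1) body = llDeleteSubString(body, 0, cut + 1);
    list parts = llParseStringKeepNulls(body, ["|"], []);
    if (llGetListLength(parts) < 3) return "";
    integer stamp = (integer)llList2String(parts, 0);
    string cmd = llDumpList2String(llList2List(parts, 2, -1), "|");
    if (llAbs(llGetUnixTime() - stamp) > WINDOW) return "";     // stale or future-dated
    if (stamp <= lastStamp) return "";                          // replayed copy
    if (llList2String(parts, 1) != tag(cmd, stamp)) return "";  // wrong secret or altered
    lastStamp = stamp;
    return cmd;
}

default
{
    state_entry() { llSetTimerEvent(5.0); }
    timer()       { llGetNextEmail("", "cmd"); }
    email(string time, string address, string subject, string message, integer num_left)
    {
        string cmd = verify(message);
        if (cmd != "") llOwnerSay("accepted: " + cmd);
        if (num_left) llGetNextEmail("", "cmd");
    }
}
```

The tag authenticates the command but does not hide it, so a script running inside the same object can still read the mail, as noted in the thread.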