Free llHTTPRequest() storage!

*Updated Sep 22nd 2007*

You can find a sphere to register with at
secondlife://Breakers%20DAlliez/157/253/22

From the registration note card:

I wrote a CGI to read/save data on my server via llHTTPRequest. I figured, why not let other people use it? Its silly for everyone to have to 'roll their own' to get this done. I already wrote a nice fast CGI (written in C), and I have bandwidth to spare... so why not?

Simply say "register" at the registration box.
You should receive an IM with your password.
Once registered, here are the details you'll need:

The server is located at: "http://64.142.120.51/sl.cgi?"


News:
May 27th 2006:
Added the "prot" command for syntax updates / news.
Added the "lst" command.

Sep 22nd 2007:
Cleared all accounts.
If you want to use the service you will need to re-register.
New password generator.

Syntax: sl.cgi?<pass> <command> <argument>

Commands:

req: request a file
stor: store a file
del: delete a file
lst: list files
prot: this listing

Response messages:

General:
Request too large.
No argument provided.
Invalid characters.
Invalid pass key.
Invalid command.
Internal error.

Commands:

req: Error opening file. / <file data>
stor: stor failed. / stor complete.
del: del failed. / del complete.
lst: lst failed. / No Files / <CSV Listing>
prot: Prot file unavailable / <This data>

Here is a sample request:
http://64.142.120.51/sl.cgi?mypass%20stor%20myfile.txt


The information to store needs to be sent in the body, and the HTTP_METHOD you need to use for the "stor" command is POST. For the others you can leave it blank or set it to GET. The hard-set file size limit in the CGI is 10K.

Legal Disclaimer:
This service is provided with NO WARRANTY and I assume no responsibility for lost or stolen data, downtime, lost profits, hair loss or discoloration in applied area. Batteries not included. Please guard your passwords! If you wish to terminate your account please contact Carl Omlet in-world. I will not (willfully) let your data into anyone's hands except by court order or DCMA request or such similar legal circumstances. No server or network transmission is %100 secure. Please encrypt any sensitive data!

This is still up by the way, the location where the register box is gone, but if you email me at [email]dist@bhmm.net[/email] I can register you.. Or i can just rez the box where you are and let you do it.

You could set a copy under the larger tree next to my money tree at
Charissa (250, 165, 125)

There is now a red Sphere at the location listed in the post above this mentioned by grumble.
Thanks grumble!

This is an sample LSL script that will get the protocol help file:

//HTTPRequest() Settings.
string sp = "%20"; //Space character so we don't have to waste time encoding.
string url = "http://64.142.120.51/sl.cgi?"; //Server URL, shouldn't change.
string pass = "mypass"; //Your server pass.

//Commands
string req_cmd = "req"; //Reqest command.
string stor_cmd = "stor"; //Stor command.
string prot_cmd = "prot"; //Gets the protocol help file.

//Files
string my_file = "text.txt";

key httpd_id;

default
{
    touch_start(integer total_number)
    {
        httpd_id = llHTTPRequest ( url + prot_cmd, [ HTTP_METHOD, "GET" ], "" );
    }
    http_response(key request_id, integer status, list metadata, string body)
    {
        //Make sure the httpd_id is correct!
        if ( request_id == httpd_id )
        {
            llInstantMessage ( llGetOwner(), "\n" + body );
        }
    }   
}

This seems harder to use, less secure, and probably less reliable than the similar functionality I offered awhile back. It also doesn't offer any encryption or scrambling at all. Even with the best available scrambling, mine got lots of pushback on the "who are you and what do you want with my data?" issue.

Seems like most people want to roll their own, however badly, just to avoid the trust issue.

But, best of luck with it. You might want to look at my example or Zero Linden's silo (linked in the above thread) to see how to do this without abusing HTTP so much.

The scrambling would be the client's problem in LSL.
Server side scrambling would be silly. Just because someone *says* they are encrypting the data doesn't mean anything, and if anything is false security.
Doing encryption in LSL is a joke because its not that great and very slow.

I did some tests with the LSL built-in fast "encrytion" and mangaged to get the data back out pretty quickly.

Even with a trusted server, a man-in-the-middle attack would comprimise the system.
I cant really think of any uses for llHTTPRequest that actually seem like they need security in the first place. If your doing transactions or something sensitive, keep in in LSL where its fairly safe.

The real use for this is just perm storage of info for prims that aren't going to always be around or need to be mobile, or just storing lots of data.

Anyway, I'm thinking i might just release the C file for my CGI.
Its quite small, but it does the trick.

However, on my server its a little more secure than elsewhere because its compiled with protection to prevent buffer overflow exploits and such. Most people wouldn't bother to set that up.

I dont really care if anyone uses it or not. I just set it up for my own use and figured I'd let others use it as well.

(Updated)

The CGI is still online and working.
I updated the SLurl for the registration sphere.
If you would like a copy of the CGI for yourself ( and you know C ) let me know.

Tx carl for this service. However I'm unable to delete.... any problem ?

Odd. I'll go take a look at the file permissions to see if that is the problem.

Update:
Found the problem and its fixed.
Thanks for pointing that out.
Delete fails weren't being properly handled.
In some cases filenames were getting mangled as well.

If you want to run your own copy of the CGI, its available online.
http://temp.bhmm.net/slcgi.c
http://temp.bhmm.net/slcgi.h

Be careful running the CGI without memory protection, its a cheap/fast hack written in plain C.

If your on linux, mudflap works well for this.
gcc -fmudflap -lmudflap -O0 -g0 slcgi.c -o sl.cgi

Thanks.

This still active?