Second Life Forums Archive - llHTTPRequest and Security

Dave Attenborough

Registered User

Join date: 1 Feb 2007

Posts: 4

03-18-2007 13:46

hi,

am planning to do a small mp3-shop to sell my songs from sl. i want realise that with a
llHTTPRequest to a php-script on my server that copy the file just for one download in a
special folder. What i want to know is: is llHTTPRequest secure? or is it possible to read out
the parameters with an sniffer programm?

thanks for helping me with that.

Keknehv Psaltery

Hacker

Join date: 11 Apr 2005

Posts: 1,185

03-18-2007 14:10

I seem to recall hearing about someone on the teen grid doing that, and he was banned for copyright infringement. I would highly encourage you not to try and sell copyrighted works in SL.

On the other hand, if it's your own music, go ahead. As far as I know, there is no way for an outsider to "sniff" llHTTPRequests coming from the SL grid.

_____________________

LSL Wiki | Scripting Mentors | Keknehv's Particle Script | WarpPos

Dave Attenborough

Registered User

Join date: 1 Feb 2007

Posts: 4

03-18-2007 14:26

From: Keknehv Psaltery

I seem to recall hearing about someone on the teen grid doing that, and he was banned for copyright infringement. I would highly encourage you not to try and sell copyrighted works in SL.

On the other hand, if it's your own music, go ahead. As far as I know, there is no way for an outsider to "sniff" llHTTPRequests coming from the SL grid.

thanks for the answer. no i don't want to plan to put there copyrighted music. only my own stuff. can't believe that someone is stupid enough to do that here in sl.

Keknehv Psaltery

Hacker

Join date: 11 Apr 2005

Posts: 1,185

03-18-2007 14:30

And to further the stupidity, he didn't even have a php script to copy the music-- it was all in a music folder, and you could browse the directory root. There were over 2000 songs in that directory.

To be fair, it was the teen grid.

_____________________

LSL Wiki | Scripting Mentors | Keknehv's Particle Script | WarpPos

Kenn Nilsson

AeonVox

Join date: 24 May 2005

Posts: 897

03-18-2007 18:11

As far as I am aware, an llHTTPRequest essentially exits the SL metaverse as a GET or POST and therefore enters the internet with the same security benefits and flaws of a normal GET or POST.

_____________________

--AeonVox--

Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms chasing ghosts, eating magic pills, and listening to repetitive, addictive, electronic music.

Sys Slade

Registered User

Join date: 15 Feb 2007

Posts: 626

03-18-2007 18:14

It goes from the server side though, so a client should never have the opportunity to see what address is being called. Unless of course there's another permissions screw up

Dave Attenborough

Registered User

Join date: 1 Feb 2007

Posts: 4

03-21-2007 08:05

thanks for the answer. thats what i really needed to know.

From: Sys Slade

It goes from the server side though, so a client should never have the opportunity to see what address is being called. Unless of course there's another permissions screw up

llHTTPRequest and Security
Dave Attenborough Registered User Join date: 1 Feb 2007 Posts: 4	03-18-2007 13:46 hi, am planning to do a small mp3-shop to sell my songs from sl. i want realise that with a llHTTPRequest to a php-script on my server that copy the file just for one download in a special folder. What i want to know is: is llHTTPRequest secure? or is it possible to read out the parameters with an sniffer programm? thanks for helping me with that.
Keknehv Psaltery Hacker Join date: 11 Apr 2005 Posts: 1,185	03-18-2007 14:10 I seem to recall hearing about someone on the teen grid doing that, and he was banned for copyright infringement. I would highly encourage you not to try and sell copyrighted works in SL. On the other hand, if it's your own music, go ahead. As far as I know, there is no way for an outsider to "sniff" llHTTPRequests coming from the SL grid. _____________________ LSL Wiki \| Scripting Mentors \| Keknehv's Particle Script \| WarpPos
Dave Attenborough Registered User Join date: 1 Feb 2007 Posts: 4	03-18-2007 14:26 From: Keknehv Psaltery I seem to recall hearing about someone on the teen grid doing that, and he was banned for copyright infringement. I would highly encourage you not to try and sell copyrighted works in SL. On the other hand, if it's your own music, go ahead. As far as I know, there is no way for an outsider to "sniff" llHTTPRequests coming from the SL grid. thanks for the answer. no i don't want to plan to put there copyrighted music. only my own stuff. can't believe that someone is stupid enough to do that here in sl.
Keknehv Psaltery Hacker Join date: 11 Apr 2005 Posts: 1,185	03-18-2007 14:30 And to further the stupidity, he didn't even have a php script to copy the music-- it was all in a music folder, and you could browse the directory root. There were over 2000 songs in that directory. To be fair, it was the teen grid. _____________________ LSL Wiki \| Scripting Mentors \| Keknehv's Particle Script \| WarpPos
Kenn Nilsson AeonVox Join date: 24 May 2005 Posts: 897	03-18-2007 18:11 As far as I am aware, an llHTTPRequest essentially exits the SL metaverse as a GET or POST and therefore enters the internet with the same security benefits and flaws of a normal GET or POST. _____________________ --AeonVox-- Computer games don't affect kids; I mean if Pac-Man affected us as kids, we'd all be running around in darkened rooms chasing ghosts, eating magic pills, and listening to repetitive, addictive, electronic music.
Sys Slade Registered User Join date: 15 Feb 2007 Posts: 626	03-18-2007 18:14 It goes from the server side though, so a client should never have the opportunity to see what address is being called. Unless of course there's another permissions screw up
Dave Attenborough Registered User Join date: 1 Feb 2007 Posts: 4	03-21-2007 08:05 thanks for the answer. thats what i really needed to know. From: Sys Slade It goes from the server side though, so a client should never have the opportunity to see what address is being called. Unless of course there's another permissions screw up

Welcome to the Second Life Forums Archive

llHTTPRequest and Security