Security Question

I'm putting together some trees for sale. I've made a few different versions of them for different seasons, and I'll be selling them all separately, but I'd also like to sell a HUD that can quickly change the season on an entire forest. In addition, I'd like to make the HUD usable by any of the single-season trees, so that if someone wants to upgrade, they don't have to rip out their existing landscaping. They'll just need to buy the HUD, and the HUD will activate the texture change scripting already in the trees.

My problem, though, is making sure that only someone who's actually paid for the HUD has access to those features. My only idea is to use a unique channel or channel range for the HUD and trees, plus a passcode, all based in some way on the owner's key and/or name. I don't know much of anything about security, though, and this setup certainly has vulnerabilities.

Is there a better way to go about doing this?

Hi, Miriel, good to see you. Re-opening a store anytime soon?

If I understand correctly, you are mostly trying to prevent a tree owner from simply typing in the commands your HUD would be issuing? But, I assume, you also want it to be very easy to use. Two thoughts:

-- Instead of having a passcode (kind of painful for the user), how about your HUD and trees use a simple reversible encryption scheme for their messages, using as part of the key some hash on the owner's rezdate or key? Encryption/decryption is time consuming, but these would be extremely infrequent messages, yes? and you could choose a very simple scheme.

-- I would also include an update mechanism for the scripts in your trees and HUDs, in case you want to change schemes at some point.

The simplest way of ensuring that only those who have paid for the HUD have a HUD is of course to make the HUD copy and no transfer.

The HUD can then communicate with all trees on a hard coded negative channel shared by all HUDs and all trees. To ensure that the trees only react to their owners HUD, the HUD should include the owner key in the messages, the trees can then check that the key in the message matches the key of their owner.

Indeed. Every tree would have the HUD code, but you'd need to shell out for the HUD to use it. I don't want people circumventing that by typing the commands themselves or having an object say them.


I didn't mean a passcode the owner had to type, just something based on the owner's key/rezdate/name that the HUD would use to communicate with the trees.

Do you think using llMD5String() plus a unique channel based on the owner's key/rezdate/whatever would be enough? Someone could still watch all channels and decode things, but you can't dissuade everyone, I guess.


A good idea, thanks.

Nearly so, yes. Just because I'm sneaky, I might also make the commands themselves random sets of characters and append a little bit from the owner key, so that every owner appears to have different commands, and the commands themselves, when fully decoded, still appear to make no sense. Costs no more CPU time.

Yeah, I was planning to do that. Nice to know I was on the right track at least. Thanks!