Securing a notecard as a Flat Text Database
|
|
Ilobmirt Tenk
Registered User
Join date: 4 Jun 2007
Posts: 135
|
08-07-2008 09:35
So I have a system that would contain important data. While I could store this data in a web server, the data in the web server might get accessed simultaneously by hundreds of various objects. Therefore, I have been thinking of storing this data onto a notecard.
Now while the data on this notecard is static, this data is on a much more capable host than what I have for hardware. But then again, I am a bit worried about the security of such data.
I bet I could reliably secure the transmission of the Notecard UUID to prims that are authorised to receive such data. But in a worst case scenario, I bet that the uuid of this card will be captured. And now that the notecard uuid is out of safe hands, this notecard can be accessed at will. This meaning that someone might get their hands on the flat text database and analyze this data to their content. There will be no authentication software to restrict this access to the data to my extent of this knowledge.
Besides designing a complex encryption to this data, (Which is a bad security practice to secure data if left to protect data by itself) is there some way I can protect the data if I may choose to use notecards as a flat text database? (Like does llGetNotecardLine honor the item permission system?)
The security of this data is less so important to myself than the content creators that do choose to use one of my future scripting creations. I honor intellectual property and I choose to support the beauty of their works through the integrity of my own.
Thank you for your time if you have chosen to read all of the above and to an extent know what I am saying.
~Ilobmirt Tenk
|
|
Deanna Trollop
BZ Enterprises
Join date: 30 Jan 2006
Posts: 671
|
08-07-2008 10:21
From: Ilobmirt Tenk
"does llGetNotecardLine honor the item permission system?"
Nope. If you have the UUID of the card, llGetNotecardLine can read it.
|
|
Ilobmirt Tenk
Registered User
Join date: 4 Jun 2007
Posts: 135
|
08-07-2008 10:32
Well Damn. :\
Then I guess there has to be a jira on this. If not, I most certainly would like to make it happen. I am betting that there are more uses for notecards besides storing proprietary data in them. In fact, a user could be keeping their personal lives inside a notecard. And if there can be made scripts that can be made to read such private content, it needs to be stopped. I bet that restricting llGetNotecardLine to only notecards that are full perm, or owned by the same person running the function. If the notecard isn't full perm, and it isn't owned by the person running the llGetNotecardLine function, the notecard shouldn't be read.
|
|
Day Oh
Registered User
Join date: 3 Feb 2007
Posts: 1,257
|
08-07-2008 10:36
From: Ilobmirt Tenk
"Well Damn. :\
Then I guess there has to be a jira on this. If not, I most certainly would like to make it happen. I am betting that there are more uses for notecards besides storing proprietary data in them. In fact, a user could be keeping their personal lives inside a notecard. And if there can be made scripts that can be made to read such private content, it needs to be stopped. I bet that restricting llGetNotecardLine to only notecards that are full perm, or owned by the same person running the function. If the notecard isn't full perm, and it isn't owned by the person running the llGetNotecardLine function, the notecard shouldn't be read."
Assets don't have permissions associated with them. The permissions apply to the inventory items, and you can have any number of items with different permissions pointing to an asset. llGetNotecardLine reads notecards by asset ID, not item ID.
|
|
Ilobmirt Tenk
Registered User
Join date: 4 Jun 2007
Posts: 135
|
08-07-2008 10:58
Yes, I get that much that llGetNotecardLine reads notecards by asset ID, not item ID. I was just suggesting that things should change with llGetNotecardLine in that llGetNotecardLine will see that the asset is owned by somebody else and that asset UUID owner will not want for their notecard to be read, via not having their notecard be set to full perms. If by chance, that asset uuid is inside an object the script is in, or is within the script owner's inventory, it should be okay for llGetNotecardLine to read a line off that notecard.
Deanna Trollop just answered for me about the current permissions system associated with notecards. Any kind of perms will not matter with that function which is a bit bad for the privacy of anyone's data :\
|
|
Strife Onizuka
Moonchild
Join date: 3 Mar 2004
Posts: 5,887
|
08-07-2008 11:05
Encrypt the communications used for transferring the UUID of the notecard.
1) Assets don't have permissions associated with them, only inventory items have permissions (permissions are an attribute of the inventory item wrapper, not the actual asset).
2) Determining if a user has a copy of an asset in inventory and if they have some level of permissions to it is a costly lookup.
3) Changing how llGetNotecardLine works would break content.
There are some products which are sold where the configuration notecards are hardwired by UUID and not included in the object at all. Your proposed change would break these.
I'm sorry but I don't see the pressing need to cripple this feature. The attack vector you describe requires insider information. The insider who would have access to that sort of information would have access to all assets, including the scripts making the requests. In this situation the insider would have equal access to your database, be it on an external server or in a notecard (because they would have the scripts that accessed the database). You can secure your communications from other users but you cannot keep them from the eyes of LL. If you aren't going to trust LL that is fine but crippling llGetNotecardLine won't make your data more secure from the attack vector you describe.
_____________________
Truth is a river that is always splitting up into arms that reunite. Islanded between the arms, the inhabitants argue for a lifetime as to which is the main river. - Cyril Connolly
Without the political will to find common ground, the continual friction of tactic and counter tactic, only creates suspicion and hatred and vengeance, and perpetuates the cycle of violence. - James Nachtwey
|
|
Ilobmirt Tenk
Registered User
Join date: 4 Jun 2007
Posts: 135
|
08-07-2008 11:21
Strife Onizuka - I trust LL with my data else I wouldn't be using their service. I just don't fully trust other users of LL's service. Besides all that I could do to protect the UUID, I'm looking at a worst case scenario where all attempts to hide this data from other end users fail. This wouldn't matter to any Linden Lab Employee who are within the power to do as they please. Again, it is all about information assurance. I place full trust upon the company that holds all my data and whose services I use. If Linden Labs deserves the trust of anyone with their content, they must be full of integrity in ensuring the proper use and storage of the data.
I guess that you are right that if any micro-transaction has to be checked, that usability and flexibility of that function would decrease. That is the principle of security. So I am guessing that flexibility, speed, and ease of use will rule out over the integrity of notecard content.
I will have to conclude from these short responses, that using notecards as a static flat text database is insecure. May the end users of these types of databases acknowledge that their content can be accessed and read freely if anyone can know of their database UUID and that the most they can do to safeguard their data is to encrypt it.
|
|
Haravikk Mistral
Registered User
Join date: 8 Oct 2005
Posts: 2,482
|
08-07-2008 11:22
If you create the notecard in your inventory, and hard-code the UUID (right-click notecard in inventory -> "Get asset UUID") into your script, and then make sure the script's permissions are set to no-modify, then surely no-one can get at your notecard's contents? Only way to get the notecard key is to either have it in your inventory, or in the inventory of an object, or otherwise be given the key explicitly somewhere to read. Thus if you use the key to look-up the notecard, and never give it out, then the only way to get the notecard ID is to get into the script, which is currently impossible without correct permissions.
_____________________
Computer (Mac Pro): 2 x Quad Core 3.2ghz Xeon 10gb DDR2 800mhz FB-DIMMS 4 x 750gb, 32mb cache hard-drives (RAID-0/striped) NVidia GeForce 8800GT (512mb)
|
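The hard-coded-UUID approach from the last post, as an added LSL example that is not code from any poster in this thread. It loads a `key=value` notecard by asset UUID; the `CARD` value is a constructed placeholder and the `key=value` line format is an assumption. As the thread establishes, llGetNotecardLine performs no permission check, so the secrecy of the data rests entirely on the UUID staying inside a script others cannot open.

```lsl
// Placeholder asset UUID: replace with the value from "Get asset UUID".
// Keep this script no-modify so the constant cannot be read out of it.
string CARD = "00000000-0000-0000-0000-000000000000";

integer gLine;   // index of the next notecard line to request
key     gQuery;  // id of the outstanding dataserver request
list    gTable;  // strided list: [key, value, key, value, ...]

requestNext()
{
    // Reads by asset UUID; the notecard need not be in this object's inventory.
    gQuery = llGetNotecardLine(CARD, gLine);
}

default
{
    state_entry()
    {
        gLine = 0;
        gTable = [];
        requestNext();
    }

    dataserver(key id, string data)
    {
        if (id != gQuery) return;          // reply belongs to another request
        if (data == EOF)
        {
            // Report only the record count; never echo the data or the UUID.
            llOwnerSay("Loaded " + (string)(llGetListLength(gTable) / 2) + " records");
            return;
        }
        integer sep = llSubStringIndex(data, "=");
        if (sep > 0)                       // skip blank or malformed lines
        {
            string k = llStringTrim(llGetSubString(data, 0, sep - 1), STRING_TRIM);
            // llDeleteSubString yields "" when nothing follows the "=".
            string v = llStringTrim(llDeleteSubString(data, 0, sep), STRING_TRIM);
            gTable += [k, v];
        }
        ++gLine;
        requestNext();
    }
}
```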