llEmail and llHttpRequest Security

Hi,

I've spent a lot of time going through all the "security" threads in this forum, but I couldnt find a clear answer to my questions. So, I'll just try with this one. Maybe someone can help.

What I've learned so far: real encryption between LSL and PHP is (A) hard to code and (B) not very fast when running. So, I'm still investigating what will work best for my projects, but when doing all the research, some general questions raised:

1) Is it possible for a random person to somehow fetch the string that gets sent through llHttpRequest? (Script is NoMod, NoCopy; Script is in a HUD object that automatically dies when rezzed other than as HUD. I found that it was not possible to drop a script into a NoMod Object and get access to llMessageLinked.TRUE?) Let's say I send a password through llHttpRequest? Could that be fetched from there? Thinking of network tools like "WireShark"?

2) Is it possible for a random person to somehow read what my server sends back to the LSL script? (same script/object perms as in (1))

3) Is it possible to read object 2 object llEmail-messages? (of course same object/script perms as in (1))


Thanks for any help!

1, 2 and 3: no, not really. I don't know of any mechanism to do any of those. That doesn't mean that it is not a good idea to authenticate and confirm transactions over http, because people can always send arbitrary messages to them if they know the right URL.

Thanks for your answer