[opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?

Alexandrea Fride babytje_ab at live.com
Tue Aug 24 14:03:20 PDT 2010

Previous message: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
Next message: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sure true

but the differences is for a normal sl viewer to do this they need to 
specify their own login screen using url parameters or someting
while with Emerald has there own custom login screenpage with users see 
evrytime they login into Emerald

while what you say is true but that user count is WAY lesser then thousand 
of emerald users loging in continue
it was stupid to do but this also proven the point is that Emerald (or anny 
other viewer) can do what they whant with SL's code
it gives wrong view of what Third party viewer should be

and to fix this so it never hapens again disalow custom login page's to be 
hosted on the viewers server
but instead allow it so it can be hosted on secondlife servers (for a fee 
maybe idk) and everey time they wanna update the page, let LL
control it to see if its user safe (could allow dynamic xml stats for custom 
news and stats but limited to basic html code with it)

annyway my 2cents

--------------------------------------------------
From: "Harold Brown" <labrat.hb at gmail.com>
Sent: Tuesday, August 24, 2010 10:50 PM
To: "David M Chess" <chess at us.ibm.com>
Cc: <opensource-dev at lists.secondlife.com>
Subject: Re: [opensource-dev] Malicious payloads in third-party viewers: is 
the policy worth anything?

> What I find interesting is that people are neglecting to realize that
> ANY viewer, even a LL viewer could have been used to do the same thing
> by changing the WEBPAGE the login screen pointed to.  Or for that
> matter distributing a object using the new Media functions to load a
> webpage with the exact same iframe set.
>
>
>
> On Mon, Aug 23, 2010 at 8:03 AM, David M Chess <chess at us.ibm.com> wrote:
>>
>> Could we move all this stuff to a new "emeraldgate" list, or something?
>>
>> That I could then carefully not subscribe to?
>>
>> __
>> _______________________________________________
>> Policies and (un)subscribe information available here:
>> http://wiki.secondlife.com/wiki/OpenSource-Dev
>> Please read the policies before posting to keep unmoderated posting
>> privileges
>>
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting 
> privileges
>

Previous message: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
Next message: [opensource-dev] Malicious payloads in third-party viewers: is the policy worth anything?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the opensource-dev mailing list