[opensource-dev] Anyone playing with Android and Second Life?

Opensource Obscure opensourceobscure at gmail.com
Mon Jan 24 10:50:02 PST 2011


For the record there's an update, as the previously mentioned
Android viewer is now back in the TPV Directory.

(as already explained -see quote below- this doesn't *guarantee*
anything by itself, but it's encouraging).

Opensource Obscure


On Wed, Dec 29, 2010 at 18:04, Brian McGroarty <soft at lindenlab.com> wrote:
> On Tue, Dec 28, 2010 at 8:05 AM, Tateru Nino <tateru.nino at gmail.com> wrote:
>>
>> On 29/12/2010 2:57 AM, Robin Cornelius wrote:
>> > On Tue, Dec 28, 2010 at 3:55 PM, Robin Cornelius
>> > <robin.cornelius at gmail.com>  wrote:
>> >
>> >   v1.13.852
>> > * the whole login process is now handled by the mobile device itself,
>> > from now on no passwords nor their hashes are transfered to our
>> > servers.
>> >
>> > So that avoids 2.e
>> I'd be more concerned about capabilities URIs, myself. The login
>> credentials are only the front-gate.
>
> Ultimately, there's a big risk in using any third-party viewer. Getting the
> initial authentication off of the third-party server narrows scope a bit. It
> removes credentials that could have been used for real currency cash outs,
> makes compromise of the third-party authentication server a less severe
> problem, and improves governance's chances of slowing down bad actors
> without having to take down a whole service. But, in no way do we intend it
> as a safeguard against a malicious TPV dev.
> --
> Brian McGroarty | Linden Lab
> Sent from my Newton MP2100 via acoustic coupler


More information about the opensource-dev mailing list