[sldev] More about viewer auth in today's RC
Lawson English
lenglish5 at cox.net
Thu Dec 6 22:30:08 PST 2007
Anders Arnholm wrote:
> On Tue, Dec 04, 2007 at 03:47:17PM -0800, Tess Chu wrote:
>
>
>> Much of the ensued debate centered around the relative security of the old
>> xml-rpc based approach versus the new approach of using HTML. We *weren't*
>> necessarily trying to make the mechanism itself more secure (we believe
>>
>
>
There are apparently 2 different ways to go:
1) viewer(browser) => webpage => url+UUID (cap) => viewer
or
2) 3rd part browser => webpage => url + UUID (cap) => viewer
that cap retrieved from the webpage replaces the password that used to
be input directly into the viewer, so the xmlrpc call remains identical
except the key/value pair:
'web_login_key': UUID
replaces the key/value pair:
'password': '$1$' + MD5_endcoded_password
Python scripts to handle the login are found here though you gotta
replace the key/value pairs in the source yourself for the xml-rpc call
because I'm lazy:
https://wiki.secondlife.com/wiki/Example_protocol_code
Lawson
> Much of this because you, (meaning the lindens) described the method as:
>
> web (IE/Safari/firefox) -> viewer
>
> Not as it is:
>
> viewer -> super speical http/html (+something?) brower lookalike thing
> -> info to viewer
>
> The issues and compatibility problems ate totally different the problem
> domain is totally different. Now we can wounder what the heck is needed
> from the viewer to work? CSS? JavaScript? Image rendering? This browser is
> apparently able to save into, and have a button for it in the
> webpage, what does that mean? What is the protocol used to steer the
> special viewer... A descriptions, some code maybe descriptions and
> specifications here probably much more important that code.
>
> / Balp
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>
More information about the SLDev
mailing list