[sldev] Re: Plugin architecture

dirk husemann hud at zurich.ibm.com
Thu Feb 22 06:37:03 PST 2007


Soft Noel wrote:
> On Wed, February 21, 2007 9:32 pm, John Hurliman wrote:
>   
>> Ben Byer wrote:
>>     
>>>> [...] and LL-triggered plugin invalidation possible.
>>>>         
>>> Whoa.  Everyone, raise your hand if you think this is a good idea.
>>>
>>> -b
>>>       
>> That's the most plausible idea since DRM!
>>     
>
> Scenario: Non-malicious plugin Foo v0.9 has a design defect causing a
> hundred users to hammer Userserver with large packets and kill IMs for
> everyone. LL says "All Foo v0.9, please unload/refrain from loading."
>
> I don't begin to pretend that this would be useful for stopping malicious
> code. Any attacker has the source, can see how the viewer identifies the
> plugin, and can work around that.
>   
hmm...first they need to find out that it's Foo-0.9...i'd think it would
make more sense to just send a message to the secondlife client
informing the user that his client is going to be throttled.

protect the servers...don't rely on clients to follow instructions
(especially with OSS'd clients).

    cheers,
    dirk

-- 
dr dirk husemann, pervasive computing, ibm zurich research lab
--- hud at zurich.ibm.com --- +41 44 724 8573 --- SL: dr scofield


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20070222/1d48d2cb/signature.pgp


More information about the SLDev mailing list