[sldev] Patch to Address Debit Permission Spoofing

[Erik Anderson]

Is there any way we can ask LL to provide two permission tiers here?
Considering that a significant chunk of L$-authorized objects are probably
vendor scripts of which you are not the owner, having those objects use a
lesser "refund-only" permission could help seperate out the potentially
dangerous scripts from the ones that can only give up to the amount of money
that they have themselves been given...

And yes, I probably should have looked at Jira before posting this...

On 5/25/07, Jason Giglio <gigstaggart at gmail.com> wrote:
>
> Good work!  This one was on my list too actually.  Some feedback inline.
>
> Able Whitman wrote:
> > * Automatic Denial of Debit Permission Requests
>
> I'm not sure this is such a good idea.  Users will likely turn this off,
> then complain when their objects don't work right, even if it does tell
> them that the permission was requested.
>
> It also gives the permission a stigma, when it is commonly needed in
> everything that might ever need to give a refund!
>
>
> > The preference to enable automatic denial will appear in the "Popups"
> > * Opt-out of Caution Permissions Prompts
>
> I'm also opposed to "preference creep".  It seems that a lot of the
> patches we are seeing are coming with preferences to enable or disable
> them.
>
> Either it's a good idea to do this or it isn't.  We don't need to add a
> preference for every little feature.  If the client had always been
> developed like this, we'd have 50 pages of preferences and be able to
> revert to the 1.0 feature set. :)
>
>
> -Jason
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20070525/7d0872e1/attachment.htm