[sldev] Re: Patch to Address Debit Permission Spoofing

[Chance Unknown]

They can only take money from you once you authorize a prim to do it. Now it
might be interesting to have a universal revoke feature implemented at the
sims, but this wouldnt be a client side feature. And far as I can tell, only
scripts which are under your ownership can successfuly request debit
permission.

The flilpping around the aurhorization buttons to make it harder to slip one
in under the flurry of dialog boxes and trick someone to select OK on an
item that they accept from you, to fool them to take their money is probably
ok. But there is not a huge security concern like this thread implys. You
must authorize a prim that you own to dip into your pocket and send money
someplace.

..


On 5/25/07, Able Whitman <able.whitman at gmail.com> wrote:
>
> I haven't investigated what would be required to change other
> money-related dialogs, but it's certainly something I would be happy to
> investigate. (I suppose a good first step would be to compile a list of all
> the ways that SL can take money from you!)
>
> I have already made some modifications to my patch to address some of the
> very helpful feedback I've recieved so far. This also includes changing the
> size of the debit prompt so that it's not as easy to hit the "click click
> click oops" problem.
>
> My preference is to keep the debit permission prompt in the same overall
> "style" of the standard permission prompt. I think that, combined with the
> visual cues the patch makes, will strike a reasonable balance between making
> the debit prompt more visible while not getting too "in-your-face" about the
> issue.
>
> If you feel strongly the other way, of course, I'm happy to be convinced!
> :)
>
> Once I've done some more testing, I will update the patch spec, and I will
> post a revised patch to the list.
>
> On 5/25/07, Argent Stonecutter <secret.argent at gmail.com> wrote:
> >
> > Nice start.
> >
> > I would like to suggest that any other approval dialog involving
> > money also be handled specially... in particular, joining a group.
> >
> > I would also like to suggest that not only should the dialog be
> > visibly different, but it should be different enough that there is no
> > chance of the accept button being in the same place as the accept
> > button in any dialog that doesn't involve spending money. Really, it
> > should probably be a "payment/purchase" style box in the middle of
> > the screen.
> > _______________________________________________
> > Click here to unsubscribe or manage your list subscription:
> > /index.html
> >
>
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20070525/d97cb96a/attachment.htm