[sldev] Re: Patch to Address Debit Permission Spoofing

[Chance Unknown]

How about the transactions screen on the website get enhanced to include
SLURL of the prim that negotiates your pocket book for you, so you can
teleport to the offending spot and delete it?

oh.


On 5/25/07, Chance Unknown <chance at kalacia.com> wrote:
>
> They can only take money from you once you authorize a prim to do it. Now
> it might be interesting to have a universal revoke feature implemented at
> the sims, but this wouldnt be a client side feature. And far as I can tell,
> only scripts which are under your ownership can successfuly request debit
> permission.
>
> The flilpping around the aurhorization buttons to make it harder to slip
> one in under the flurry of dialog boxes and trick someone to select OK on an
> item that they accept from you, to fool them to take their money is probably
> ok. But there is not a huge security concern like this thread implys. You
> must authorize a prim that you own to dip into your pocket and send money
> someplace.
>
> ..
>
>
> On 5/25/07, Able Whitman <able.whitman at gmail.com> wrote:
> >
> > I haven't investigated what would be required to change other
> > money-related dialogs, but it's certainly something I would be happy to
> > investigate. (I suppose a good first step would be to compile a list of all
> > the ways that SL can take money from you!)
> >
> > I have already made some modifications to my patch to address some of
> > the very helpful feedback I've recieved so far. This also includes changing
> > the size of the debit prompt so that it's not as easy to hit the "click
> > click click oops" problem.
> >
> > My preference is to keep the debit permission prompt in the same overall
> > "style" of the standard permission prompt. I think that, combined with the
> > visual cues the patch makes, will strike a reasonable balance between making
> > the debit prompt more visible while not getting too "in-your-face" about the
> > issue.
> >
> > If you feel strongly the other way, of course, I'm happy to be
> > convinced! :)
> >
> > Once I've done some more testing, I will update the patch spec, and I
> > will post a revised patch to the list.
> >
> > On 5/25/07, Argent Stonecutter <secret.argent at gmail.com > wrote:
> > >
> > > Nice start.
> > >
> > > I would like to suggest that any other approval dialog involving
> > > money also be handled specially... in particular, joining a group.
> > >
> > > I would also like to suggest that not only should the dialog be
> > > visibly different, but it should be different enough that there is no
> > > chance of the accept button being in the same place as the accept
> > > button in any dialog that doesn't involve spending money. Really, it
> > > should probably be a "payment/purchase" style box in the middle of
> > > the screen.
> > > _______________________________________________
> > > Click here to unsubscribe or manage your list subscription:
> > > /index.html
> > >
> >
> >
> > _______________________________________________
> > Click here to unsubscribe or manage your list subscription:
> > /index.html
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20070525/cf935925/attachment.htm