[sldev] Re: Patch to Address Debit Permission Spoofing

[Chris Sibbitt]

  Chance, AFAIK this is not possible. Argent's message doesn't seem to 
imply that it is, so I'm not sure where the question is coming from. You 
can only request debit perms from the owner of the process, but ownership 
of a copy of a script does not necesarrily mean that you can review it for 
safety.

On Fri, 25 May 2007, Chance Unknown wrote:

> At what point is it possble for a script that i do not own to request debit
> permission from me and be successful? This goes against the documentation on
> the wiki on how the function is implemented at the sims... Can you please
> clarify that the documentation is now in error? Thank you.
>
> On 5/25/07, Argent Stonecutter <secret.argent at gmail.com> wrote:
>> 
>> > It also gives the permission a stigma, when it is commonly needed in
>> > everything that might ever need to give a refund!
>> 
>> While I am not too sure that debit permission SHOULDN'T have a stigma
>> [1], I have to agree. that's why I think the appearance should be
>> changed more radically. Make it (and any other dialog that can cost
>> you money) look like a payment dialog, and you avoid it having a
>> "stigma" and provide protection from the "click click click oops"
>> problem.
>> 
>> [1] As defined, it's way too dangerous. I have only granted debit
>> permission for two scripts. One I wrote (and knew exactly what it was
>> capable of) and one I was testing for a friend and I examined the
>> source before granting it.
>> _______________________________________________
>> Click here to unsubscribe or manage your list subscription:
>> /index.html
>> 
>