[sldev] Re: Patch to Address Debit Permission Spoofing
Chance Unknown
chance at kalacia.com
Fri May 25 14:17:27 PDT 2007
The spoofing issue has always existed, with the argument resisting the UI
change being that we are informed adults. That aside, such a patch is
likely to be a good idea; I have seen the flurry of dialog boxes falling
down on screen with the OK, OK, OK responses to them interspersed with a
debit request. A unique color for the dialog with debit can be addressed
with color code changes and rearrangement of the positions of the buttons;
that does help with identification of the issue as outlined.
But I am also wanting to address the FUD that appears in this thread with
respect to prims owned by another account being able to debit my
wallet. That doesn't happen. When I rez a prim given to me, it has its
opportunity to request debit permissions. And ultimately, I will need to
trust the origin of that prim. It is not possible to debit an account of
another unless they are shown as the owner of the script and the owner of
the prim that the script is within, AND the script has been authorized to
perform debits. The software running at the simulator does not implement the
ability to generate debits on my wallet by scripts or prims owned by a
different account.
--
On 5/25/07, Chris Sibbitt <csibbitt at gmail.com> wrote:
>
>
> Chance, AFAIK this is not possible. Argent's message doesn't seem to
> imply that it is, so I'm not sure where the question is coming from. You
> can only request debit perms from the owner of the process, but ownership
> of a copy of a script does not necessarily mean that you can review it for
> safety.
>
> On Fri, 25 May 2007, Chance Unknown wrote:
>
> > At what point is it possible for a script that I do not own to request debit
> > permission from me and be successful? This goes against the documentation on
> > the wiki on how the function is implemented at the sims... Can you please
> > clarify that the documentation is now in error? Thank you.
> >
> > On 5/25/07, Argent Stonecutter <secret.argent at gmail.com> wrote:
> >>
> >> > It also gives the permission a stigma, when it is commonly needed in
> >> > everything that might ever need to give a refund!
> >>
> >> While I am not too sure that debit permission SHOULDN'T have a stigma
> >> [1], I have to agree. That's why I think the appearance should be
> >> changed more radically. Make it (and any other dialog that can cost
> >> you money) look like a payment dialog, and you avoid it having a
> >> "stigma" and provide protection from the "click click click oops"
> >> problem.
> >>
> >> [1] As defined, it's way too dangerous. I have only granted debit
> >> permission for two scripts. One I wrote (and knew exactly what it was
> >> capable of) and one I was testing for a friend and I examined the
> >> source before granting it.
> >>
> >
>
>