[sldev] Re: Patch to Address Debit Permission Spoofing

Able Whitman able.whitman at gmail.com
Fri May 25 14:35:32 PDT 2007


Yes, I apologize, it was my misunderstanding that I (obviously incorrectly)
thought that a user could grant debit permission to an object they didn't
own. I wasn't trying to spread FUD about this; it was a mistake on my part,
and I'm sorry for the confuion.

There still exists a spoofing issue, like you say. It's all well and good to
say that everyone should always pay attention to what they're doing, but
sometimes people don't, and sometimes they make mistakes. That doesn't mean
we shouldn't try to help them not to make mistakes.

--Able


On 5/25/07, Chance Unknown < chance at kalacia.com> wrote:
>
> But I am also wanting to address the FUD that appears in this thread with
> respect to prims being owned by another being account able to debit my
> wallet. That doesnt happen. When I rez a prim given to me, it has its
> opportunity to request debit permissions. And ulitmately, I will need to
> trust the origin of that prim. It is not possible to debit an account of
> another unless they are shown as the owner of the script and the owner of
> the prim that the script is within, AND the script has been authorized to
> perform debits. The software running at the simulator does not implement the
> ability to generate debits on my wallet by scripts or prims owned by a
> different account.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20070525/43e1c25a/attachment.htm


More information about the SLDev mailing list