[sldev] RE: Re: Re: Patch to Address Debit Permission Spoofing

Elio Maggini elio at magetech.com
Fri May 25 18:34:32 PDT 2007


I must admit in some ways I think it is much ado about nothing.  If a coder
wants to create a script to steal money they will find a way. Simple social
engineering is the best tool and no combination of button flips or
roadblocks will stop this.

And I haven't seen an outcry about massive fraud in any SL feed I get,
though I know it happens as I've experienced it myself.

The only real way is to change debit_perm to refund types only.  This, I
think, would unfortunately kill any "shareware" type projects that operate
on commission....like the ones I am working on :)

If I am wrong and there is another way to do profit sharing (without group)
please enlighten me.

Otherwise, my two cents is any re-design must truly stop scammers and not
just make ALL applications asking for this permission look suspect.

P.S. and this still won't stop poor programming...my first time trying DEBIT
stuff...resulted in a version that didn't check if it had been paid....but
still happily refunded money to you if it timed out.....ooopppsss!! in
fact...I bet a refund debit perm could be poorly coded to exploit that?
anyways...I ramble.
