[sldev] Re: IDEA: HUD Objects should do HTTPrequests from the client not through the SIM.

Jo Grant/Cambridge/IBM jo_grant at us.ibm.com
Fri Oct 26 11:48:47 PDT 2007

Previous message: [sldev] IDEA: HUD Objects should do HTTPrequests from the clientnot through the SIM.
Next message: [sldev] Re: IDEA: HUD Objects should do HTTPrequests from the client not through the SIM.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mark writes:
>But HUD objects are only viewable to the one client.
>This would  off-load HTTP traffic for applications that wanted to do more 

>HTTPrequest than the sim cap would allow with no settling time. 

I see where you are coming from, but there are a few thorns on this rose.
Firstly, scripts all run on the server. Even HUD scripts. In order to 
implement this the script engine would have to stop when there was a HUD 
HTTPrequest, find out what client was attached to the object's context, 
and push down the request to the client. The client would have to accept 
this request, perform the operation, and stream the result back up to the 
server. When the server gets the answer, it then would wake up the script 
with the appropriate event.
It could be done. But it wouldn't be a simple extension.

>I understand that a user could be potentially exposing their IP
This is one concern, I think there are a lot of bigger security concerns. 
Code running on the client is running within whatever security context the 
user is running within. For example, a large number of users on home 
networks use Linksys routers, and a large number of those never bother to 
change their admin password. It would not be hard for a malicious user to 
write a script that browsed to http://192.168.1.1 and performed the 
operations to, say, remove their security, or bring their network down. 
Technically, you could probably do this from Java script or an applet on a 
web page. But those are mature spaces that are well known and the majority 
of anti-virus vendors have systems in place that can prevent such attacks. 
This would be a new vector that such attacks could be launched from.

But keep thinking along these lines. Just like javascript allows servers 
to offload some work onto browsers, having some sort of client side 
scripting in an appropriately secure sandbox is worth thinking about.

Jo

***************************************
Jo Grant, jo_grant at us.ibm.com
http://www-03.ibm.com/developerworks/blogs/page/roivw
ISV Developer Enablement Architect, 
Workplace Technology,
1314, 5 Technology Park Drive, Westford MA 01886
tel: 978-399-6024
SL: Jaymin Carthage
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20071026/31ac2567/attachment.htm

Previous message: [sldev] IDEA: HUD Objects should do HTTPrequests from the clientnot through the SIM.
Next message: [sldev] Re: IDEA: HUD Objects should do HTTPrequests from the client not through the SIM.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the SLDev mailing list