[sldev] [VIEWER] Re: New viewer released with logging of the owners of speaking objects and their location

Soft Linden soft at lindenlab.com
Tue Sep 4 09:53:58 PDT 2007

Previous message: [sldev] [VIEWER] Re: New viewer released with logging of the owners of speaking objects and their location
Next message: [sldev] [VIEWER] Re: New viewer released with logging of the owners of speaking objects and their location
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Strike that - this conversation is still going on at LL...

Apparently someone hard-coded their own caps in the map javascript.
The same point stands about being careful with sharing caps URLs, but
in this case it's not Harold's login that's the one being used willy
nilly. :)

On 9/4/07, Soft Linden <soft at lindenlab.com> wrote:
> Actually, authentication is provided by that cap URL, ie you've told
> people how to look up map data via your own Second Life account. In
> some ways, this is like sharing a php session key.
>
> Be very careful about which of those you share. In this case, I don't
> know that there's a way to use that cap to elevate privileges in any
> way, but others may have non-obvious side-effects.
>
> On 9/1/07, Harold Brown <labrat.hb at gmail.com> wrote:
> > The cap URLS I posted do not require authentication, and as such appear to
> > be static at the moment
> >
> > On 9/1/07, Dale Glass <dale at daleglass.net> wrote:
> > > On Friday 31 August 2007 23:09:18 Harold Brown wrote:
> > > > They are there now.
> > > [snip]
> > > > There is also the reverse:
> > > >
> > > >
> > https://cap.secondlife.com/cap/0/b713fe80-283b-4585-af4d-a3b7d9a32492?var=s
> > > >lRegionName&grid_x=997&grid_y=1002
> > > >
> > > > It returns:
> > > >
> > > > var slRegionName='Ahern';
> > >
> > > Ok, I've googled around a bit and found this:
> > >
> > >
> > https://secure-web5.secondlife.com/developers/third_party_reg/
> > >
> > > I guess that works as the documentation I wanted.
> > >
> > > I tried the form there and it only returns get_error_codes.
> > >
> > > Now, it says there: "Avoid hardcoding in your capabilities urls." and
> > "Keep
> > > your capability urls secret!".
> > >
> > > So how do I obtain the capability URL as needed if it's not listed there?
> > >
> > > Will this functionality be available to everybody? It's not much good for
> > me
> > > unless everybody can use it (excepting the sim position to key feature
> > > request below)
> > >
> > > Also, while the sim name from region xy request works for me, I would
> > prefer a
> > > direct key to sim name function, as well as xy to key. First one would
> > avoid
> > > the intermediate key to region id lookup, second one would allow me to
> > build
> > > my database much more easily (which then would ship with the viewer,
> > avoiding
> > > most lookups)
>

Previous message: [sldev] [VIEWER] Re: New viewer released with logging of the owners of speaking objects and their location
Next message: [sldev] [VIEWER] Re: New viewer released with logging of the owners of speaking objects and their location
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the SLDev mailing list