[sldev] [Upcoming Changes] Website Viewer Authentication

Adam Frisby adam at gwala.net
Fri Sep 28 14:57:15 PDT 2007


Will the new login URL's include the ability to switch the IP of the 
server you are logging in to? (I imagine that will be essential for 
things like SLProxy, OpenSim and beta grids)

? :)

Adam

David Kaprielian (Sabin) wrote:

> Hey all.  I'm Sabin Linden, a developer here at Linden Lab.  You may 
> know me as that Linden with the pixel avatar or maybe... well... 
> actually I don't do much external facing work so you probably don't know 
> me at all.  Don't worry, you're not missing out on much.
> 
> In any case, I wanted to take a moment and send to this list some 
> security changes Linden is going to make in order to further the efforts 
> of anti-fraud and phishing prevention.  Pretty soon we're going to 
> consolidate logins to our website so we can eventually centralize the 
> process.  In other words, residents will not have to type their name and 
> password into SL viewers and applications, they'll type them into our 
> website instead.  The process that occurs is as follows:
> 1: After logging into the website, you'll be taken to a new page that 
> has the same login location options the current SL viewer has.
> 2: When you hit the Go button, a form is submitted to a php page, which 
> redirects to a secondlife:/// url that has a web key appended to it.
> 3: The secondlife:/// url itself will launch Second Life with locational 
> details and the web key will authorize your account for login.
> Note: You can find more detailed information (the whys and hows) on the 
> public wiki at https://wiki.secondlife.com/wiki/Viewer_Authentication
> 
> This method works for Windows and Mac machines, but unfortunately due to 
> the nature of how Linux handles secondlife:/// links (it doesn't), we 
> have been unable to come up with a proper, catch-all solution that would 
> allow this method of login to work for 100% of the Linux using 
> population.  We estimate (aka: make an educated guess) that we can catch 
> about 70% of Linux users at first and will be working to get that number 
> as close to 100% as possible.  However, because there are so many 
> different distributions and configurations of Linux available, there's 
> always the possibility of people who cannot launch Second Life from the 
> website.  Fortunately, we will be implementing a login screen for each 
> of our viewers (similar to the one you see now) which goes through our 
> website.  Although this doesn't allow as much security as we would like 
> (since you're still technically typing your password into the viewer) it 
> will, at least, allow all Linux users to log in.  Additionally, it will 
> provide a fall-back for those who are used to the current way of logging 
> in.
> 
> With this information, I wanted to get your feedback!  Do you think 
> there's a way we could make website viewer authentication work for all 
> Linux users?  Do you have any specifications for how this will interact 
> with your third party viewers and applications?  Anything I haven't 
> covered that you're worried about?  Thanks for your time everyone, we'd 
> love to hear what you have to say.
> 
> ~Sabin
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
> 



More information about the SLDev mailing list