[sldev] [Upcoming Changes] Website Viewer Authentication

[Jason Giglio]

Donovan Linden wrote:
> With the first iteration, the viewer will retain user interface which 
> looks very similar to the XUI login form on the current splash screen, 
> except implemented as part of the HTML page which takes up the rest of 
> the splash screen today. So the user experience is not going to change 
> at all, at least not initially. What happens later remains to be decided.
> 
> The first iteration will also continue to support the -login command 
> line switch for specifying username and password in a script. Probably 
> -login will continue to be supported forever.
> 

For Linux, don't bother getting the secondlife:// URL handler working 
for us.

1. Modify ./secondlife bash script to take the username and password 
from us (either interactive OR on the command line)
2. Make a curl shell call that gets the token in ./secondlife, and then 
passes it (the token, not our plain auth info) to the client.

We can easily check that that bash script doesn't do anything funny if 
we were running an untrusted viewer, so you still get the auth 
separation you are looking for.

All other linux users out there, you OK with this?

You don't even have to know how to read bash script to run an untrusted 
client, simply use a ./secondlife you know and trust.

This way is a hell of a lot more secure than -login, and would solve all 
the bot problems, etc, since it would provide an easy example for how to 
do it using curl command line.

-Jason