[sldev] [Upcoming Changes] Website Viewer Authentication

Anders Arnholm Anders at Arnholm.se
Sat Sep 29 02:51:23 PDT 2007


> For Linux, don't bother getting the secondlife:// URL handler working 
> for us.
> 
> 1. Modify ./secondlife bash script to take the username and password 
> from us (either interactive OR on the command line)
> 2. Make a curl shell call that gets the token in ./secondlife, and then 
> passes it (the token, not our plain auth info) to the client.

It's a good workaround, event if I perfer from security point of view
the current look, late put that curl call into the viewer, we have a
browser there as well. If the script have a param for passwrd it will be
harder not to echo that on my screen, in the history file.

I don't know my SL password, that's in keypass, i copy from there into
the viewer. If i copy to command line it will be visible, and in the
history, No I'm not ok with it, BUT THIS STILL if much better the making
the same in Firefox...

ANd you still have to trust the client... I can rob your account, still
it's easy to rub for from everything in the client... And no login
changes can protect you from that.


-- 
Anders Arnholm         http://anders.arnholm.se/       Balp Allen



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the SLDev mailing list