[sldev] [VIEWER] Authentication

Nicholaz Beresford nicholaz at blueflash.cc
Sat Sep 29 04:10:34 PDT 2007


Hi!

David Kaprielian (Sabin) wrote:
 > changes Linden is going to make in order to further the efforts of
 > anti-fraud and phishing prevention.  Pretty soon we're going to
 > consolidate logins to our website so we can eventually centralize
 > the process.

I'd like to know how soon "pretty soon" is and what the timeframe
and process of implementation will be (will this stuff go through
an RC iteration, etc.)?

Will this invalidate older viewers (being a mandatory update which
will break the existing legacy applications)?



 > Anything I haven't covered that you're worried about?  Thanks
 > for your time everyone, we'd love to hear what you have to say.

Most points have been covered already; here are my specific
(re)iterations.

1) Proxies and the myriads of browsers, setups, networks/firewalls,
security apps, etc. will make this a nightmare.

2) The gain in security regarding the inworld account is zero.  The
username/password is protected mostly to protect inworld assets.
If I had malicious intent and if I have a viewer, all I need is to
get people to go online with the viewer.  If that didn't work, I'd rez
a keylogger process from the intestines of the viewer, create a crash,
wait for the person to log on and then IM me the logged keystrokes
inworld.  And that's just the beginning, I guess I'd come up with
five different ideas within an hour.

3) With Philip's ideas of wanting to see more variety in clients
(e.g. he was mentioning portable devices), this is going in exactly
the opposite direction.  Same probably goes for applications like
Katherine's Ajax-Life.

4) Going through the website every time is a nuisance, especially with
alts and logging on to other grids (opensim, beta, etc.)


Nick
---
Second Life from the inside out:
http://nicholaz-beresford.blogspot.com/


