[sldev] Script to client channel.

[Argent Stonecutter]

On 2009-02-16, at 11:15, Thomas Shikami wrote:
> Tony Dodd wrote:
>> As regards return traffic it is very easy to arrange for the viewer  
>> to send
>> a string on some selected channel, though I suppose in the  
>> interests of
>> clarity and security it might be better to add client to server  
>> messages
>> with a new event type.

> This secure channel is already in the works, the viewer already  
> supports curl and the server side lsl scripts are about to support  
> http_in.

I'm not sure how secure a channel this would be. There's nothing that  
tells a script that a connection via HTTP is coming from the client  
it's expecting. The chat version can be implemented securely enough  
for attachments to deal with any attack I can think of, since you can  
use llOwnerSay() for the script-client path, and verify the chat  
id==llGetOwner() for the response. If that's not good enough, then  
going to something with less authentication wouldn't be a step forward.