Thank's a lot, i solve the problem, when you insert a avatar from a stored procedure in mysql, you need to insert more data, not only the user name, the password and uuid.
Cumprimentos, Márcio Cardoso A 2009/10/17, às 22:34, Rich White escreveu: > Here is the MySQL UUID function: > > http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_uuid > > > > > === > > 2009/10/17 Márcio Cardoso <marciomai...@gmail.com>: >> Thank you all, the problem of pass is resolved, so now I need to >> discover >> how the uuid of the avatar is generated . anyone have any idea how >> this >> happens? >> >> Greetings, >> Márcio Cardoso >> >> >> >> A 2009/10/16, às 19:34, Frisby, Adam escreveu: >> >> Seconded. There are other weak points which could be more easily >> addressed >> at the current point in time; but I do expect many of those to >> finally get >> ironed out. >> >> Adam >> >> -----Original Message----- >> >> From: opensim-dev-boun...@lists.berlios.de [mailto:opensim-dev- >> >> boun...@lists.berlios.de] On Behalf Of d...@metaverseink.com >> >> Sent: Friday, 16 October 2009 9:22 AM >> >> To: opensim-dev@lists.berlios.de >> >> Subject: Re: [Opensim-dev] open sim UUID and Passwordhash >> >> The usual warning, I'm a broken record: >> >> there is very little security in open OpenSim grids right now. >> >> Daniel Smith wrote: >> >> Not the best place to go over crypto 101, but for those unfamiliar >> >> with >> >> the insecurity of md5("password") by itself, you owe yourself a visit >> >> to >> >> some place like http://www.md5crack.com/crackmd5.php. It'll open >> >> your >> >> eyes quickly. >> >> Try "20ee80e63596799a1543bc9fd88d8878" -- it's ok, just a rabbit. >> >> Not >> >> my password. >> >> The point that others here are making about salt is pretty valid >> >> (incoming IP address + timestamp + username can be a good start). >> >> You'll have to store the salt somewhere, because you'll never get the >> >> same one again, and you'll need to add it to the users incoming pw to >> >> hash again and compare... >> >> And +1 to Adam's comment on transmission and storage requirements. >> >> Not >> >> addressing security 101 will leave you with a site incapable of >> >> transmitting anything (or much worse..) >> >> Daniel >> >> -- >> >> Daniel Smith - Sonoma County, California >> >> http://daniel.org/resume >> >> >> --------------------------------------------------------------------- >> >> --- >> >> _______________________________________________ >> >> Opensim-dev mailing list >> >> Opensim-dev@lists.berlios.de >> >> https://lists.berlios.de/mailman/listinfo/opensim-dev >> >> _______________________________________________ >> >> Opensim-dev mailing list >> >> Opensim-dev@lists.berlios.de >> >> https://lists.berlios.de/mailman/listinfo/opensim-dev >> >> _______________________________________________ >> Opensim-dev mailing list >> Opensim-dev@lists.berlios.de >> https://lists.berlios.de/mailman/listinfo/opensim-dev >> >> >> _______________________________________________ >> Opensim-dev mailing list >> Opensim-dev@lists.berlios.de >> https://lists.berlios.de/mailman/listinfo/opensim-dev >> >> > _______________________________________________ > Opensim-dev mailing list > Opensim-dev@lists.berlios.de > https://lists.berlios.de/mailman/listinfo/opensim-dev _______________________________________________ Opensim-dev mailing list Opensim-dev@lists.berlios.de https://lists.berlios.de/mailman/listinfo/opensim-dev