Btw the server wide password cant be in the scripts itself on the reference implementation, it should be in the tundra.ini config in [server] or [security] sections. Otherwise all clients can open it from cache and read the password, as they get the script asset even if its not ran on the client (except if you make it local only) :) Same thing would apply to the token exchange things hash/secret thingie if implemented in a script. Server side local py/c++ would ofc remove this problem, but config is always nice there too.
Best regards, Jonne Nauha Adminotech developer -- http://groups.google.com/group/realxtend http://www.realxtend.org