On 2009-02-16, at 11:15, Thomas Shikami wrote:
Tony Dodd wrote:
As regards return traffic it is very easy to arrange for the viewer
to send
a string on some selected channel, though I suppose in the
interests of
clarity and security it might be better to add client to server
messages
with a new event type.
This secure channel is already in the works, the viewer already
supports curl and the server side lsl scripts are about to support
http_in.
I'm not sure how secure a channel this would be. There's nothing that
tells a script that a connection via HTTP is coming from the client
it's expecting. The chat version can be implemented securely enough
for attachments to deal with any attack I can think of, since you can
use llOwnerSay() for the script-client path, and verify the chat
id==llGetOwner() for the response. If that's not good enough, then
going to something with less authentication wouldn't be a step forward.
_______________________________________________
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/SLDev
Please read the policies before posting to keep unmoderated posting privileges
