I forgot to address Mike's comment below in my earlier responses, and it's a very important point. On my first brush through last night I misread the LLPanelLogin code and assumed that passwords were simply crypted using a basic MD5 hash for storage -- not even slightly secure, but I guess I've gotten a little jaded when looking at new code. Mea culpa.
I've since done a more thorough inspection and found the rather important LLStartup::savePasswordToDisk and its companion load function and have a better understanding of how passwords are managed. Since this seems to store passwords as a binary hash that may include unprintable characters, this will require some significant adjustment (which is what I assume Mike was hinting at, and I obtusely missed) to accommodate the storage of multiple passwords in a single location. Alternatively, the current binary hash mechanism could be preserved and the result simply base64 encoded for insertion into the settings file as a string -- this would have a minimal performance overhead and would eliminate the need to alter the existing password.dat binary format. I also took a look at the LLSD class per Celierra's suggestion and it should be sufficient for storing the necessary values into the settings file -- no tokenization functions required. One question: can anyone familiar with LLPanelLogin give me a brief summary of the USE_VIEWER_AUTH define and why that code remains in the viewer? It seems to be a nearly entirely separate set of UI and authentication functions but is permanently disabled due to the #define at the head of the file, and appears to have been since the beginning of the open source trunk. I'm wondering if that code path will ever be re-enabled and if I need to develop and test a solution which works properly when routed through it, or if it's merely legacy code that hasn't been pruned out. On Jul 14, 2009, at 2:40 PM, Mike Monkowski wrote: > I think the settings are FirstName and LastName. I don't see the > password in the settings file. _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/SLDev Please read the policies before posting to keep unmoderated posting privileges
