Wes Rabeni Posted September 14, 2014 Share Posted September 14, 2014 I've been reading about the Automatic Notification Services offered using a URL to record transactions either from the marketplace or from in world vendors. I'm wondering (and not seeing the answer) if it is possible to get the objectkey of the item that was just sold. The product that I'm developing will require frequent http requests and I'm working out the method that I will use to authenticate authorized requests.Basically, if I didn't make it...it's not allowed to chat with the server. Link to comment Share on other sites More sharing options...
Rolig Loon Posted September 14, 2014 Share Posted September 14, 2014 An object doesn't have a UUID until it is rezzed, so there's no way to get a UUID at the time of sale unless you can gurantee that the item will be rezzed immediately. If immediacy isn't important, so you can wait until the new owner rezzes the object, then you could drop a simple script in the object that sends you a message on rez and then deletes itself. Link to comment Share on other sites More sharing options...
Wes Rabeni Posted September 15, 2014 Author Share Posted September 15, 2014 Thank you for the reply. Yeah, I was afraid that was the case. The immediacy isn't an issue. Your reply has given me more food for thought. Link to comment Share on other sites More sharing options...
Innula Zenovka Posted September 15, 2014 Share Posted September 15, 2014 Maybe I'm misunderstanding the problem, but why not have the script send some sort of password to your server, in order to authenticate it? Or if you mean you want to be sure that you made the object containing the script, have the script call llGetCreator(). Either way, the object's UUID (if that's what you mean by "objectkey") is going to change each time it's rezzed, so I don't see how it's going to help in the authentication process. Link to comment Share on other sites More sharing options...
Wes Rabeni Posted September 15, 2014 Author Share Posted September 15, 2014 Thank you for the reply. I didn't know the object got a new UUID every time it is rezzed. Thanks for that tidbit. And yes by objectkey I do mean UUID, in the headers of an http request it references the UUID by calling it an objectkey. X-SecondLife-Object-Key. All good information, thanks. Link to comment Share on other sites More sharing options...
irihapeti Posted September 16, 2014 Share Posted September 16, 2014 is tricky this as you wanting to avoid spoofing. The ANS UUID would be perfect like you were hoping but it dont persist like others mention sans this then is pretty much impossible to prevent all serious spoof attempts without using a second channel for credentialling outside of the channel that your devices are communicating on. And even then is not impossible to break i think you have to weigh up how likely is it that someone would go to the trouble to pretend to be someone else to access your service however if total secure was a selling feature of the app you building then yes problem + this said the way anti-freeloading sec can be done in SL is to rent the object. Either by time payment or sale commission. You know who paid you when the rent/commission comes in. Objects passing the correct credentials and owned by the payers and where the rent/commission has been paid, get answered in this case if someone do spoof successfully then you got paid anyways Link to comment Share on other sites More sharing options...
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now