Jump to content

Get ObjectKey at time of sale?

Wes Rabeni

By Wes Rabeni,
in LSL Scripting

 Share
You are about to reply to a thread that has been inactive for 3503 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Wes Rabeni

Wes Rabeni

Posted
Posted

I've been reading about the Automatic Notification Services offered using a URL to record transactions either from the marketplace or from in world vendors.  I'm wondering (and not seeing the answer) if it is possible to get the objectkey of the item that was just sold.  The product that I'm developing will require frequent http requests and I'm working out the method that I will use to authenticate authorized requests.

Basically, if I didn't make it...it's not allowed to chat with the server.

Link to comment
Share on other sites
Rolig Loon

Rolig Loon

Posted
Posted

An object doesn't have a UUID until it is rezzed, so there's no way to get a UUID at the time of sale unless you can gurantee that the item will be rezzed immediately.  If immediacy isn't important, so you can wait until the new owner rezzes the object, then you could drop a simple script in the object that sends you a message on rez and then deletes itself. 

Link to comment
Share on other sites
Innula Zenovka

Innula Zenovka

Posted
Posted

Maybe I'm misunderstanding the problem, but why not have the script send some sort of password to your server, in order to authenticate it?

Or if you mean you want to be sure that you made the object containing the script, have the script call llGetCreator().

Either way, the object's UUID (if that's what you mean by "objectkey") is going to change each time it's rezzed, so I don't see how it's going to help in the authentication process.

Link to comment
Share on other sites
Wes Rabeni

Wes Rabeni

Posted
  • Author
Posted

Thank you for the reply.

I didn't know the object got a new UUID every time it is rezzed.  Thanks for that tidbit.  And yes by objectkey I do mean UUID, in the headers of an http request it references the UUID by calling it an objectkey. X-SecondLife-Object-Key.

All good information, thanks.

Link to comment
Share on other sites
irihapeti

irihapeti

Posted
Posted

is tricky this as you wanting to avoid spoofing. The ANS UUID would be perfect like you were hoping but it dont persist like others mention

sans this then is pretty much impossible to prevent all serious spoof attempts without using a second channel for credentialling outside of the channel that your devices are communicating on. And even then is not impossible to break

i think you have to weigh up how likely is it that someone would go to the trouble to pretend to be someone else to access your service

however if total secure was a selling feature of the app you building then yes problem

+

this said

the way anti-freeloading sec can be done in SL is to rent the object. Either by time payment or sale commission. You know who paid you when the rent/commission comes in. Objects passing the correct credentials and owned by the payers and where the rent/commission has been paid, get answered

in this case if someone do spoof successfully then you got paid anyways

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 3503 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...