Jump to content
Sign in to follow this  
ziicutie

alternate account inventory sharing solution

Recommended Posts

This is simply an idea. I am not nessecarily aksing linden labs to do this or saying that this must be done. This is an idea that i have came up with that dose compeltely solve the idea of being able to share inventory between alternative accounts.

 

To foolproof this ability, you would need to have the user agree to linking the inventory between these users permanately and that you are compeltely responsable for others who acess these user accounts. Basically the idea of this is that you own all the users that you link and that they are permanately linked and cannot be undone. Generally user accounts are only supposed ot be acessed by 1 person, so this should not really be an issue. I understand that a lot of people will give away these user accounts to other people, but they will be doing so at their own risk, and they already agreed for their responsability to these users. The idea is that only 1 person should have acess to these users so they should all have the ability to acess one another in every way possible. These users should also be able to reset eachother's passwords by entering the password of the current user that you are logged into first just like in the normal way that you reset your password.

 

To acess eachother's inventories You would simply have yet another system folder wich could be called users and have a flder for each user accoutn that is linked to that user. Just in case you don't understand where I am going with this, inside each of thoose folders would be the regular inventory of that user.

 

I also would like to take the time to make note to linden labs if they read this on how to help fix a security issue on their website. Tracking cookies can be copied from other websites and peopel can log into your user account on the website. I am assuming that linden labs is aware of this ability because the way the password reset is set up on the website. To prevent this tracking cookie exploit is pretty simple. You need to store on the database the IP adress that they used when they logged into the website. If they are logge in by tracking cookies and the Last IP that was used dose not match up with their current IP adress, then it will simply delete the tracking cookies and log them off. Something similar to this should also be done on the viewer side because i have heared of people coping the data of the viewers that remember passwords and they can log into your user and buy lindens and then transfer the lidnens over to their other user without even knowing what your real password is.

Share this post


Link to post
Share on other sites


ziicutie wrote:

...

 

I also would like to take the time to make note to linden labs if they read this on how to help fix a security issue on their website. Tracking cookies can be copied from other websites and peopel can log into your user account on the website. I am assuming that linden labs is aware of this ability because the way the password reset is set up on the website. To prevent this tracking cookie exploit is pretty simple. You need to store on the database the IP adress that they used when they logged into the website. If they are logge in by tracking cookies and the Last IP that was used dose not match up with their current IP adress, then it will simply delete the tracking cookies and log them off. Something similar to this should also be done on the viewer side because i have heared of people coping the data of the viewers that remember passwords and they can log into your user and buy lindens and then transfer the lidnens over to their other user without even knowing what your real password is.

Not sure this is an issue here. Haven't you noticed the OAUTH login when you access the site (and marketplace)?

 

As far as " i have heared of people coping the data of the viewers that remember passwords and they can log into your user and buy lindens and then transfer the lidnens over to their other user without even knowing what your real password is." that is a million times INCORRECT.

Your password is encrypted with the ID0 of your PC, this is made up of the Network Card MAC address and a few other things I don't wish to say (to be honest I don't even know them all!). If you copy the encrypted password to another machine then the ID0 will be wrong and the password won't decrypt.

There is almost no chance that anyone could access your account by copying your viewer data from your machine to another, the only people who could do that would be a Linden or a TPV developer who understands what the ID0 is made from *and* who knows the exact values of your machine in order to spoof the ID0, to get those values they need to be at your machine, sitting in front of it. 

Most people would know if a Linden were at their keyboard tapping away ;)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...