Jump to content
  • 0

SL experiences function


Elayn
 Share

You are about to reply to a thread that has been inactive for 1959 days.

Please take a moment to consider if this thread is worth bumping.

Question

Forgive me if this is a common question but I didn't see it asked recently. With the new upgrades coming to the SL Experiences function... Someone told me that Experiences can allow another to access a persons LL account to enable things like transfer of inventory, transfer of L's or access to personal data. This doesn't sound right but I don't see the documentation to prove otherwise. Input please? 

Link to comment
Share on other sites

4 answers to this question

Recommended Posts

  • 0

No LSL functions allow access to your account information or the contents of your inventory, for some obvious security reasons.  When you have an Experience activated, people who accept it are granting tacit permission for PERMISSION_TAKE_CONTROLS, PERMISSION_TRIGGER_ANIMATION, PERMISSION_ATTACH, PERMISSION_TRACK_CAMERA, PERMISSION_CONTROL_CAMERA and PERMISSION_TELEPORT.   Scripts in an Experience cannot use llRequestExperiencePermissions to request PERMISSION_DEBIT, PERMISSION_SILENT_ESTATE_MANAGEMENT, PERMISSION_RETURN_OBJECTS, PERMISSION_OVERRIDE_ANIMATIONS, or PERMISSION_CHANGE_LINKS, any of which could create security issues or make "permanent" changes to in-world assets.

Edited by Rolig Loon
  • Like 1
Link to comment
Share on other sites

  • 0

Elayn, there is a tiny grain of truth in amongst all the FUD (fear, uncertainty, and doubt).

It has nothing to do with Experiences, but there IS an LSL function which allows an object to pay $L into, or take $L out of, your account.  This is how vendors and tip jars and skill games that award $L prizes work.  Unfortunately, the same function can be put into an object by a scammer.

When you rez or wear an object that wants this access, you get a warning message, and the option to allow the object to take $L from you, or deny it that permission.  A lot of people have hit that "Allow" button and found their accounts suddenly emptied.

These objects can steal your money, but they don't have any deeper access to your account such as inventory access or the ability to steal your personal information.

  • Like 1
Link to comment
Share on other sites

  • 0
12 minutes ago, Lindal Kidd said:

there IS an LSL function which allows an object to pay $L into, or take $L out of, your account.

However, the basic point here is

12 minutes ago, Lindal Kidd said:

When you rez or wear an object that wants this access, you get a warning message, and the option to allow the object to take $L from you, or deny it that permission. 

It cannot take money from your account unless you deliberately click that box, granting PERMISSION_DEBIT.  That specific permission can only be granted if you do it on purpose, so it is unfortunately easy to do by mistake if English is not your native language or if you aren't paying attention.  You cannot give it accidentally through Experience permissions, though, because the llRequestExperiencePermissions function does not include that option.

  • Like 4
Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 1959 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...