Darling Brody

Everything posted by Darling Brody

  1. Hi Oz,

     Thank you for that code snippet. It is similar to what I already do. I encrypt the messages with a pre-shared key in a very similar way. The reason I had to implement a check that the message was coming from SL was because of all the permissions exploits that permitted no-mod scripts to be opened, thus compromising any shared secrets and encryption keys. While I am not aware of any active exploits that can still force open a no-mod script, it is something I would like to be able to protect against just in case a new exploit is accidentally created. Back in 2009-ish someone deleted my entire customer database after compromising the permissions on one of my customer registration scripts to obtain the encryption key I use to communicate with the server.

     Here is what I was defending against in detail:

     Someone cracks open my script with a permission exploit and copies my shared secret, thus allowing them to send my server correctly encrypted messages. They discover I am also checking against the owner of the prim to reject messages from prims that are not owned by me, so they send the message from outside SL with a fake value loaded into HTTP_X_SECONDLIFE_OWNER_KEY. This is where knowing the message comes from SL, where they can't fake headers, is very important, as I can reject messages from outside SL that may contain spoofed headers.

     If there is ever another active permission exploit to open scripts, how do we protect our servers? Suggestions?
  2. Two issues that may be related to this that need consideration for in-world and off-world validation & security:

     1) In-World

     Vending machines and product upgrade delivery scripts need to filter out requests coming from the beta grid and other invalid sources to make sure people are not spending beta grid money to get stuff delivered to their main grid accounts without paying.

     With email we have >> The prim's email address is its key with "@lsl.secondlife.com" appended: llGetKey() + "@lsl.secondlife.com"

     With HTTP_Request() we have >> string llGetHTTPHeader( key request_id, string header ); -- with a result like h ttps://sim3015.aditi.lindenlab.com:12043/cap/a7717681-2c04-e4ac-35e3-1f01c9861322

     This will need to be maintained or else you will have a repeat of the HUGE content theft/exploitation issues we had 10 years ago that drove away so many content creators. (BTW my content from that time is STILL being passed around for free.)

     2) Off-World

     Also, off-world servers need to make sure a request is coming from a Second Life domain and not some other external source. (Read: attempted hack.) For example, in PHP you might use something like this to ensure all requests are coming from Second Life's main grid.

         <?php
         ///////////////////////////////////////////////////////////////
         //
         // Validate origin was SL main grid
         //
         // Reverse-resolve the client IP. On lookup failure gethostbyaddr()
         // returns the bare IP, which does not end in the grid suffix and is
         // therefore rejected as well.
         $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
         $grid     = "agni.lindenlab.com"; // main grid; the beta grid is aditi.lindenlab.com

         // extract domain/grid information: compare the trailing 18 characters
         if (substr($hostname, -strlen($grid)) !== $grid) {
             die("ERROR: Request not from Main Grid!"); // ignore requests that are not from the main SL grid
         }

     Without the above test you can not trust other values returned such as $_SERVER['HTTP_X_SECONDLIFE_OWNER_KEY'] because you can not be sure the origin was Second Life and not someone spoofing the values. This is one of the most critical layers that must be maintained.

     Darling Brody
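The following is an added example, written for this page and not code from either post above; it is in Python rather than the poster's PHP so it can be run offline against constructed data. It combines the layers the two posts describe (origin on the main grid, the owner-key header, a pre-shared-key check on the body) and adds one caveat the PHP snippet does not cover: a reverse-DNS (PTR) name is published by whoever controls the client IP, so an attacker outside SL can name their host `sim9999.agni.lindenlab.com` and pass a plain suffix check. The example therefore re-resolves the PTR name and requires it to map back to the same address (forward-confirmed reverse DNS). Everything concrete here is an assumption: the DNS tables, IP addresses (documentation ranges), avatar keys and shared secret are constructed, and the body format `<hex hmac>:<payload>` is an assumed convention standing in for the poster's encryption.

```python
"""
Server-side validator for messages that in-world scripts send to an off-world
server. Added example; not the poster's code. Checks, in order:
  1. Origin: PTR name ends in the main-grid suffix AND resolves forward to the
     client IP (forward-confirmed reverse DNS). A PTR record alone is chosen by
     the owner of the client IP, so it proves nothing without the forward check.
  2. HTTP_X_SECONDLIFE_OWNER_KEY equals the expected avatar key (only
     meaningful once step 1 has shown the header was set by a real simulator).
  3. HMAC over the body under the pre-shared key (stops tampering; does NOT
     prove origin, since a leaked key lets an attacker compute valid MACs).
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

MAIN_GRID_SUFFIX = ".agni.lindenlab.com"      # main grid, as in the PHP snippet above
OWNER_HEADER = "HTTP_X_SECONDLIFE_OWNER_KEY"  # CGI name of the header SL adds

# Constructed DNS data (assumption). 192.0.2.0/24 and 198.51.100.0/24 are
# documentation address ranges; the hostnames are made up for this example.
PTR_RECORDS: Dict[str, str] = {
    "192.0.2.10": "sim3015.agni.lindenlab.com.",    # genuine main-grid simulator
    "192.0.2.20": "sim3015.aditi.lindenlab.com.",   # beta-grid simulator
    "198.51.100.5": "sim9999.agni.lindenlab.com.",  # attacker VPS with a lying PTR
}
FORWARD_RECORDS: Dict[str, List[str]] = {
    "sim3015.agni.lindenlab.com": ["192.0.2.10"],
    "sim3015.aditi.lindenlab.com": ["192.0.2.20"],
    # no entry for sim9999.agni.lindenlab.com: the real zone never published it
}

def fake_ptr(ip: str) -> Optional[str]:
    return PTR_RECORDS.get(ip)

def fake_forward(host: str) -> List[str]:
    return FORWARD_RECORDS.get(host, [])

@dataclass
class Request:
    remote_addr: str
    headers: Dict[str, str]   # CGI-style names, as PHP exposes them in $_SERVER
    body: str

def origin_is_main_grid(remote_addr, ptr_lookup, forward_lookup):
    """Return (ok, detail). ok only when the PTR name carries the main-grid
    suffix and that name resolves forward to remote_addr."""
    host = ptr_lookup(remote_addr)
    if not host:
        return False, "no PTR record for %s" % remote_addr
    host = host.rstrip(".").lower()
    if not host.endswith(MAIN_GRID_SUFFIX):
        return False, "reverse name %s is not on the main grid" % host
    if remote_addr not in forward_lookup(host):
        return False, "%s does not resolve back to %s (spoofed PTR)" % (host, remote_addr)
    return True, host

def validate(req, expected_owner, shared_secret,
             ptr_lookup=fake_ptr, forward_lookup=fake_forward):
    """Origin first; header and MAC checks come after and never override it."""
    ok, detail = origin_is_main_grid(req.remote_addr, ptr_lookup, forward_lookup)
    if not ok:
        return False, "origin: " + detail
    owner = req.headers.get(OWNER_HEADER, "")
    if not hmac.compare_digest(owner.lower(), expected_owner.lower()):
        return False, "owner key mismatch"
    mac_hex, sep, payload = req.body.partition(":")   # assumed "<hmac>:<payload>" format
    expected = hmac.new(shared_secret, payload.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(mac_hex, expected):
        return False, "bad HMAC"
    return True, "accepted %r from %s" % (payload, detail)

def make_body(payload, shared_secret):
    """What the in-world script (or an attacker holding the leaked key) sends."""
    mac = hmac.new(shared_secret, payload.encode(), hashlib.sha256).hexdigest()
    return mac + ":" + payload

SECRET = b"constructed-pre-shared-key"                 # constructed
MY_KEY = "12345678-1234-4321-abcd-123456789abc"        # constructed avatar key
OTHER_KEY = "87654321-4321-1234-dcba-cba987654321"     # constructed, someone else's prim

def scenarios():
    """The legitimate request plus the three abuses described in the posts."""
    body = make_body("deliver:product-42", SECRET)     # valid MAC in every case
    hdr = {OWNER_HEADER: MY_KEY}
    return {
        "main grid, my prim":          validate(Request("192.0.2.10", hdr, body), MY_KEY, SECRET),
        "beta grid, my prim":          validate(Request("192.0.2.20", hdr, body), MY_KEY, SECRET),
        "outside SL, spoofed PTR+hdr": validate(Request("198.51.100.5", hdr, body), MY_KEY, SECRET),
        "main grid, someone's prim":   validate(Request("192.0.2.10", {OWNER_HEADER: OTHER_KEY}, body), MY_KEY, SECRET),
    }

if __name__ == "__main__":
    for name, (ok, why) in scenarios().items():
        print("%-30s %s  %s" % (name, "ACCEPT" if ok else "REJECT", why))
```

In a real deployment the two fake lookups would be `socket.gethostbyaddr(ip)[0]` and `socket.gethostbyname_ex(host)[2]` (in PHP, `gethostbyaddr()` followed by `gethostbynamel()`), and the forward list should be compared against the address the TCP connection actually came from, never against a header. Note that the third scenario carries a correct HMAC and a correct owner-key header and is still rejected: that is the post's point that the origin check is the backstop once a script's secret has been extracted.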