Jump to content

Subodh Neximus

Resident
  • Content Count

    6
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Subodh Neximus

  • Rank
    Newbie
  1. Have come to the conclusion that a no-mod script is impossible to copy-bot and therefor resign only on Linden Labs official server.
  2. Thank you for response Callum. Have posted new questions at the bottom of entry post.
  3. Thank you both Richardus and Moti for a solid answer. But that is not quite right with the context of the question. So if an object in second life(in world) contacts an 'real life' server, What the inquiry is about: To make sure that the 'in world' lsl code only does http communication when hosted by Linden Labs servers. This way i assume only Linden Labs get to know destination ip address, wish is acceptable. What is not desirable is if the 'in world' lsl code is running/hosted by non Linden Labs server and the outgoing ip address are loged or in other ways "exposed" as a potential target. Also i don't have a domain name that are used in http requests so ip address and domain name can be interchanged in my posts.
  4. Thank you animats for a great replay. I'll surely will use your suggestion for added security. My question is about to not let the sim host (if it be openSim or other non Linden Labs servers) to know the destination ip address for and http request sent from 'in world' except for Linden Labs. Did change the title to a more fitting one.
  5. Like the title somewhat suggest the goal for this post is to find a way for http request from virtual world to the great outside, and not have destination ip address show up in logs for the virtual server holder (other then linden, if the object is active in SL). Don't know if this is a problem but assuming so. Reason for this inquiry is at bottom line that i'm a noob when it comes to server and therefore security is not the most molded concept. By doing some foot work in lsl code this can be partially remedied. This would be applied to a single lsl script with no modify permission that will handle http/https communication to and from the internet. The script would most likely be used at different regions, therefor most likely have little to non know data to compare and confirm if a Linden Lab server are the current host. The Application is not super secret but would not be hurt from better security towards not showing server ip address and other server holder information to current host. Any suggestions or hypothesizes is greatly appreciated. Concepts for a partially remedy tincture: Use a 3rd party server to verify from sender and act as a relay. Cons: Cost, complication, implementation. Pros: Would assumme a very high chance to not show destination ip address Check if ip address are known to be Linden Labs ones http://wiki.secondlife.com/wiki/Simulator_IP_Addresses , this would necessity be verified by a 3rd party server. Cons: Can probably be simulated by a non Linden Labs server Use a if statement in lsl code for known values that should equal return from all/any llGetSimulatorHostname | llRequestSimulatorData | llGetRegionCorner | llGetRegionName | llGetEnv Cons: Can probably be simulated by a non Linden Labs server, Not always enough relevant data to accurate confirm if data is true. Edit: Is it possible to show a lsl code(with any permissions) in a web browser like firefox with and without login credentials? Is possible for a lsl code to get a 'bird eye view' of where it is run and confirm that some how? : Not only look inside its "bubble of operation environment" but the greater "image".
×
×
  • Create New...