secure identity in HTTP requests

Forums General Help OpenSimulator SatyrFarm News Technology Gaming Feedback

New Members

DowalGrut, Zucchera, DAMIEN, METAL, ClaudiaHenning, Rosieane, Christin, Mandy8002, Maria33, Sundayrain42, Denny Hart, LeonKasaev, Eveexander, 28maia, Eccentrica, Fleetwood, Functions, Lacieangel, Melody_Song, Drkkights81

Likes

Max Hill
NeonClub

Max Hill
LUCE

Alex Leo
Holoneon Welcome

Alex Leo
Cozy Comforts World

Bebe
Lorouse

BonnieClearry
Gummybear Island

Marie^✦
Shopping

SWEETGIRL
Debora

iekocatnap
The Junction Mall

C6443v3r
Jessicasland

Fiona Sweet^✦ ▸ OpenSimulator 2 hours ago

secure identity in HTTP requests

There is no safe way to prove an AV made a HTTP request in LSL. Any HTTP request in the LSL script can be imitated by an impostor. This function returns a nonce that can be verified in web server script, which is reasonably safe to assume the actual AV made the request.

LSL_String osGetNonce(string service, string action)
service and action can be used to further identify the nonce when read by back-end
single-use short-life

https://github.com/holoneon/opensim/commit/b3668b61ee9ee45...

👍 like

Report abuse

OpenSimWorld is the directory of 3D Virtual Worlds based on OpenSimulator and connected through the HyperGrid. Learn More

New Members

Likes

Comments