I prefer option 3, since it would be identical to LSL functions and hence in line with user expectations. Like the LSL
delays, these would still be configurable.
Option 3 is also simpler than option 2, which starts to involve complicated record-keeping. It also doesn't prejudice
adding this in the future if it proves really necessary.
Without these limits, a large number of allowed OSSL functions could be problematic, osNpcCreate for instance. I think
the most likely scenario is badly written scripts.
On 04/07/12 19:12, Argus wrote:
Hi.
Last week a new Patch was postet by Talun in mantis (6063) with a new feature
not implemented yet, osNPCToch which
enables NPCs to trigger the touch-event in scripted object. As cool as this
first sounds, there are some security issues
which should be adressed... or not
As justin pointed out, the discussion should best be made here and not on
mantis. I think the goal of the discussion
should maybe be to end with a general security guidline for future and current
implementation of NPC's in lsl /ossl?
This might also include some changes to the existing functions if a general
consensus is found.
Generaly NPC's and their functions need to be manualy enabled by the region
owner, which limits NPC security issues to
those regions were NPC are allowed. However, it is thinkable that griefers,
neighbours or buggy scripts create security
issues on a region which result in spam or even crash the region/sim/server.
In lsl the solution is to have a forced scriptdelays in functions that could
be used negativly, e.g. llInstantMessage
with 2 seconds delay or limited amount of repeated use per minute.
In the case of osNPCTouch, we have 1 NPC which can touch over 1000 objects
within 1 second. In this case NPCs can be
used to block items from beeing touched or depending on the scripts touched
might even crash a region/sim/server due to
many active scripts doing some work.
So should osNPCxxx functions generaly have limits were griefing/crashes are
possible and how should the limit be?
Basicaly we have 3 option:
1) we dont implement any limitation and accept that very seldomly some griefing
can happen. Worst case scenario means
restoring some region backups after an attack...
2) we could limit the functions to max amount of uses per minute. This allows
the normal scripts to run fast untill the
limit is reached. The limit is high enough for the normal uses, but causes a
silent failure after the limit is reached.
3) we could add a delay to functions. The script is always "slow" even if not
beeing used for griefing.
I personaly would prefer 2, limation per minute. This enables one to give
certain NPC rights to trusted parcelowners
without the fear of some dispute between parcel neighbours ending in a total
server crash.
regard
Michelle
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
--
Justin Clark-Casey (justincc)
http://justincc.org/blog
http://twitter.com/justincc
_______________________________________________
Opensim-dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-dev
