unless there have been profound recent changes in the OS services connectors structure that i've failed to notice (which is QUITE possible), all end-user accessibility is handled by port 8002 and the rest (connection services) is governed by port 8003 (in a standard ROBUST based grid setup). therefore, placing :8003 behind your firewall (thus preventing 'unauthorized' outside users from attaching to your grid services) should not interfere with public/open access via viewers on :8002 which would remain outside the firewall. afaik, this is the only reliable and in my experience completely effective solution to the problem.
i also believe the security key function was removed by consensus as it didn't provide any hardcore security.

hope this helps and is remotely correct in its technical assumptions - or at least follows the path your concerns and argument were headed...

- core

On 10/7/2012 11:50 AM, Tom Haines wrote:
> I disagree that this should not be considered a concern. Under this
> security model, anyone with the information to connect to the grid as
> a user has enough information to connect a region to the grid.
>
> I am concerned with this as an operator of an educational grid. We
> offer our services to students and educators with the understanding
> that we can limit the objectionable content they would be exposed to
> in SL or other public OpenSim grids. Obviously if anyone can connect
> their own regions without authorization from the grid operators, our
> ability to offer this service is compromised.
>
> I know there were pass keys used in the past to authenticate regions,
> but I believe this functionality has been removed. I haven't seen
> anything on the website regarding this. I've read before that
> firewalls are the best defense, but this is untenable, since our usage
> requirements demand controlled access by region operators, but open
> access to end users from heterogeneous network environments.
>
> Could someone weigh in with the official line on this?
>
> On Sunday, October 7, 2012, Fleep Tuque wrote:
>
>     Hi Josh,
>
>     As far as I know, in order to connect a region to your grid,
>     someone would need to know all the connection details and unless
>     you provide that information, I'm not sure how anyone would know
>     how to or be able to connect to your grid. FleepGrid has been
>     running for nearly 2 years and I've never seen any attempts to
>     connect a rogue region as far as I know, so I'm not sure it's much
>     of a concern.
>
>     I'll let someone with more knowledge of the possible configuration
>     options address any .ini settings that you might be able to use to
>     disable region connections, but if this is a security issue or
>     problem, it's the first I've heard of it.
>
>     Sincerely,
>
>     - Chris/Fleep
>
>     Chris M. Collins (SL/OS: Fleep Tuque)
>     Center for Simulations & Virtual Environments Research (UCSIM)
>     UCIT Instructional & Research Computing
>     University of Cincinnati
>     406A Zimmer Hall
>     315 College Drive
>     PO BOX 210088
>     Cincinnati, OH 45221-0088
>     [email protected]
>     (513) 556-3018
>
>     http://ucsim.uc.edu
>
>     On Sun, Oct 7, 2012 at 9:52 AM, Joshua Rubeck
>     <[email protected]> wrote:
>
>         Okay so here is a question for everyone. Myself and a few
>         others are setting up a grid for public use, but we do not
>         want other people to be able to connect their regions on a
>         home based computer to our grid. One of my friends remembers
>         that there used to be a setting that would prevent an
>         opensimulator instance from connecting to robust without
>         authentication but I cannot find that in the configuration
>         files. Is there a configuration that allows us to run a public
>         grid without other people being able to connect their regions
>         to our grid?
>         _______________________________________________
>         Opensim-users mailing list
>         [email protected]
>         https://lists.berlios.de/mailman/listinfo/opensim-users
