To answer to your first question: When setting CheckSessionHash = false the simulator then doesn't confirm that the user is who he claims he is. So basically one could enter to simulator with other persons account with hacked viewer.
There is separate tracker for old realXtend servers at https://sourceforge.net/projects/realxtendserver/ But I already changed the server_ip_check to configurable this morning. The purpose of this feature was to prevent hostile servers using users account & session hash to log in to other worlds. As we are developing the "rex-NG", we are investigating on other authentication methods and possibilities to store avatar information. ______________________________ Mikko Pallari Server Technical Lead in RealXtend ADMINO technologies www.adminotech.com www.realxtend.org -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Paul Fishwick Sent: 7. toukokuuta 2009 16:17 To: [email protected] Subject: [realXtend] authentication server I see that Mikko has added a flag so that one can bypass the RealXtend authentication server since apparently, there is a bug there. The authentication fails when using an external IP from behind a router. Even though setting this flag to false: CheckSessionHash = false as per the updated config information in: http://wiki.realxtend.org/index.php/Configuring_ModRex, this raises some questions. I post them here since apparently, they are not modrex-related according to Mikko's tracker responses, and so I am not sure where else to post these questions: (1) By setting CheckSessionHash = false, does this mean that no authentication is occurring? If there is a bug in authentication server, is there a separate tracker for that project? (2) Would it be possible to link the username entered in the RealXtend viewer to the default OpenSim authentication, thus nullifying the requirement to launch RealXtend authentication as a separate service? While we are at it, it would also be nice if we didn't have to launch a separate AvatarStorage server, and instead, any storage required through the use of the RealXtend viewer could be handled through table storage in the opensim db. I am just thinking of ways in which the connection between the RealXtend viewer and OpenSim could be simplified. Having to launch 2 extra servers has always been an awkward solution for modrex, which in theory, should be defined by an interface between the RealXtend viewer and OpenSim. -p -- Paul Fishwick, PhD Professor and Director, Digital Arts and Sciences Programs University of Florida Computer & Information Science and Eng. Dept. Bldg. CSE, Room 301 P.O. Box 116120 Gainesville, FL 32611 Email: [email protected] Phone: (352) 392-1414 Fax: (352) 392-1220 Web: http://www.cise.ufl.edu/~fishwick --~--~---------~--~----~------------~-------~--~----~ http://groups.google.com/group/realxtend http://www.realxtend.org -~----------~----~----~----~------~----~------~--~---
