Talk:Open Grid Protocol

From Second Life Wiki
Revision as of 09:36, 22 August 2008 by Lillie Yifu (talk | contribs) (Comment on potential security problem)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Choosing an Agent

" Choosing an Agent

The credential presented by the viewer may be valid for more than one agent. If so, then the viewer must specify the agent it wishes to control. If none is specified, and there are multiple possible agents, then log in will fail, and contain a list of possible agents. The viewer can then choose and reattempt login. "


That looks like a security hole, because it means that a person who gets login credentials now knows something they did not prove they knew before, namely the agent list. It should not include a list of agents, instead, an identifiable agent should be considered part of the credentials necessary for login.

Lillie Yifu 09:36, 22 August 2008 (PDT)

Retrieved from "https://wiki.secondlife.com/w/index.php?title=Talk:Open_Grid_Protocol&oldid=87706"