Security question

[Blackdog Ashbourne]

Hi folks,

I'm a content creator in that other virtual world and have been keeping a keen eye on opensim for many years. Kitely is the first opensim world I've encountered which looks to be a credible candidate for importing my products, with your support of the hypergrid, an economy and marketplace, usable physics and strong content protection. Kudos to you for your work.

I have a question before I go further with bringing my products across, though. What are the risks of someone being able to access the source code of any scripts I create here? I understand that objects can be copybotted in any virtual world, but the scripts are another matter. Some of my scripts contain confidential information, including website and database interface details, which I cannot risk being compromised. It is the main reason I have avoided importing my creations into opensim worlds to date.

Kitely's strong content protection, from what I gather, will allow me to ensure that my scripts do not leave Kitely's servers. My question is, are there known exploits, given the nature of OpenSim's asset servers, which could *possibly* allow a black hat to access my script source code in Kitely's asset servers? I don't need to know what the exploits are, am just seeking definitive information from Kitely support on what risks I'm facing.

Many thanks in advance,
Blackdog

[Shandon Loring]

Hi Blackdog,

First of, you'll want to make sure you don't sell your scripts with the Export permission enabled. If a script is exported there is nothing to stop a pirate from getting to its source code. If that is a concern then always deslect the Export perm in your Kitely Market product listings. See: http://www.kitely.com/virtual-world-new ... plemented/

Second, do not sell scripts inworld, the content protection mechanisms are a lot less strict then for items sold via Kitely Market. See: http://www.kitely.com/virtual-world-new ... rmissions/

Copybots can be used to copy content which is transfered to the viewer. I suggest selling scripts which you want to keep hidden as no-copy/no-modify. See: http://www.sluniverse.com/php/vb/conten ... -copy.html

Kitely developed its own cloud-based inventory and asset systems which are not the same as those that are part of regular OpenSim. I'm not aware of any exploit that can be used to get to your source code without permission but that doesn't guarantee that one doesn't exist (which is the safe thing to assume with SL as well).

Does that address your concerns?

[Blackdog Ashbourne]

Thanks, Ilan. That's a very useful answer. From the messages you provided, I can already see one mechanism which could allow no-copy/no-mod script source to be viewed, so I'll need to do some thinking.
Is there someone I can raise some more specific questions with in a less public forum? I don't want to post my specific questions about scenarios I suspect to be problematic in case I'm right and end up publishing an exploit.

I'm a big fan of OpenSim based worlds, but have stayed out of them due to content protection issues. Looks like Kitely is *nearly* there. Hopefully I'm wrong about the exploit risks I can see and Kitely is completely there, as I like the feel of the world and the way it's run, as well as the technical aspects of it.

Much appreciated,
BDA

[Constance Peregrine]

Firstly, Welcome to Kitely-)

If I might add, and I am just a resident here, sometimes...lol

http://www.kitely.com/forums/memberlist ... ofile&u=54 is Oren [which I am sure would have been told you soon anyway...I mainly wanted to welcome you] who is the more dev person here.

imho, Kitely is the only cutting edge commercial style grid going on now, and with hypergating enabled, it is a win-win here.

Enjoy-)

[Ilan Tochner]

You can PM me your scenario and/or send it to Oren Hurvitz, our VP R&D.