For the record there's an update, as the previously mentioned Android viewer is now back in the TPV Directory.
(as already explained -see quote below- this doesn't *guarantee* anything by itself, but it's encouraging). Opensource Obscure On Wed, Dec 29, 2010 at 18:04, Brian McGroarty <s...@lindenlab.com> wrote: > On Tue, Dec 28, 2010 at 8:05 AM, Tateru Nino <tateru.n...@gmail.com> wrote: >> >> On 29/12/2010 2:57 AM, Robin Cornelius wrote: >> > On Tue, Dec 28, 2010 at 3:55 PM, Robin Cornelius >> > <robin.cornel...@gmail.com> wrote: >> > >> > v1.13.852 >> > * the whole login process is now handled by the mobile device itself, >> > from now on no passwords nor their hashes are transfered to our >> > servers. >> > >> > So that avoids 2.e >> I'd be more concerned about capabilities URIs, myself. The login >> credentials are only the front-gate. > > Ultimately, there's a big risk in using any third-party viewer. Getting the > initial authentication off of the third-party server narrows scope a bit. It > removes credentials that could have been used for real currency cash outs, > makes compromise of the third-party authentication server a less severe > problem, and improves governance's chances of slowing down bad actors > without having to take down a whole service. But, in no way do we intend it > as a safeguard against a malicious TPV dev. > -- > Brian McGroarty | Linden Lab > Sent from my Newton MP2100 via acoustic coupler _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/OpenSource-Dev Please read the policies before posting to keep unmoderated posting privileges
