Save IAR function

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Save IAR function

Master_Mirage
This works fine but a situation came up that got us thinking. Why not move save IAR command into ROBUST and not have it in region server at all, load IAR stays with the region server. In that way only full grid ops can actualy make an IAR for a user as other regions servers that may connect to a hosted robust service cant abuse it.
The situation was a user req there IAR and thats fine as were a walled grid and we want them to have there stuff if thay wish to goto another grid or in this case start there own.
Im shure its more complex todo than say, it just seems more secure because unless there running a full grid (ROBUST + region servers) an attached regionserver cant bypass the pass checks because the command for saving an IAR wouldent be on there side. Thay could however LOAD IAR's.
Anyway just thoughts


tnx
Our New Web Page
Http://www.TritonGrid.com
Reply | Threaded
Open this post in threaded view
|

Re: Save IAR function

Chris Kennedy-2
Would this potentially affect people running OpenSim in standalone mode?
I don't want to have to switch all my configs over to grid mode just to
be able to back up my inventory on my own sandbox ...

On 5/9/2010 8:39 PM, Master_Mirage wrote:

> This works fine but a situation came up that got us thinking. Why not move
> save IAR command into ROBUST and not have it in region server at all, load
> IAR stays with the region server. In that way only full grid ops can actualy
> make an IAR for a user as other regions servers that may connect to a hosted
> robust service cant abuse it.
> The situation was a user req there IAR and thats fine as were a walled grid
> and we want them to have there stuff if thay wish to goto another grid or in
> this case start there own.
> Im shure its more complex todo than say, it just seems more secure because
> unless there running a full grid (ROBUST + region servers) an attached
> regionserver cant bypass the pass checks because the command for saving an
> IAR wouldent be on there side. Thay could however LOAD IAR's.
> Anyway just thoughts
>
>
> tnx
>
>
> -----
> Our New Web Page
> Http://www.TritonGrid.com
>    

_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Save IAR function

Chris Kennedy-2
Just my thoughts on this in addition to below... Why not just have the
save iar command exclude items in your inventory from the archive if the
item does not belong to you AND it is not full permissions? Seems like
it would be easier to implement, would avoid having to run a grid mode
server to make inventory backups (if I understood your post correctly),
and would achieve the same thing? :)

On 5/10/2010 3:09 AM, Chris Kennedy wrote:

> Would this potentially affect people running OpenSim in standalone
> mode? I don't want to have to switch all my configs over to grid mode
> just to be able to back up my inventory on my own sandbox ...
>
> On 5/9/2010 8:39 PM, Master_Mirage wrote:
>> This works fine but a situation came up that got us thinking. Why not
>> move
>> save IAR command into ROBUST and not have it in region server at all,
>> load
>> IAR stays with the region server. In that way only full grid ops can
>> actualy
>> make an IAR for a user as other regions servers that may connect to a
>> hosted
>> robust service cant abuse it.
>> The situation was a user req there IAR and thats fine as were a
>> walled grid
>> and we want them to have there stuff if thay wish to goto another
>> grid or in
>> this case start there own.
>> Im shure its more complex todo than say, it just seems more secure
>> because
>> unless there running a full grid (ROBUST + region servers) an attached
>> regionserver cant bypass the pass checks because the command for
>> saving an
>> IAR wouldent be on there side. Thay could however LOAD IAR's.
>> Anyway just thoughts
>>
>>
>> tnx
>>
>>
>> -----
>> Our New Web Page
>> Http://www.TritonGrid.com
>
> _______________________________________________
> Opensim-users mailing list
> [hidden email]
> https://lists.berlios.de/mailman/listinfo/opensim-users
>

_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Save IAR function

Master_Mirage
In reply to this post by Chris Kennedy-2
Chris Kennedy-2 wrote
Would this potentially affect people running OpenSim in standalone mode?
I don't want to have to switch all my configs over to grid mode just to
be able to back up my inventory on my own sandbox ...
--------------------------------------------------------------------------

Perhaps the function could detect the mode its beeing under. In SA mode you allready have the whole database on your side anyway but in a full grid the regions servers donot as the data is stored on the hosts server. The host database contains everyone data (not just your own). What we dont want is some clever lamer getting someone elses stuff using there attached region as a way of doing that.
If the save IAR function knows the diff. then perhaps it will not allow remote use of save iar but will allow it if it comes from the robust console insted. In SA the save IAR function would allow it because it knows your running in SA mode and not grid.

_______________________________________________
Opensim-users mailing list
Opensim-users@lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-users
Our New Web Page
Http://www.TritonGrid.com
Reply | Threaded
Open this post in threaded view
|

Re: Save IAR function

Master_Mirage
In reply to this post by Master_Mirage
On further thought, what if there were a setting in the  robust.ini that a grid owner can set that would ether allow remote iar save req. or not and if not then only IARs could be made on the host robust services and reject all other remote requests for the function.

That way SA users would not be effected as the problem really is more one in full grid than SA anyway.

just more thoughts

Our New Web Page
Http://www.TritonGrid.com
Reply | Threaded
Open this post in threaded view
|

Re: Save IAR function

Diva Canto
Here are some technical details about IARs.

IARs, logically, belong to the inventory service. Wherever the inventory
service runs, IAR save/load should run. In standalone the inventory
service runs in the same process as the sim; in a grid, it runs in a
separate process. In a grid like OSGrid, it's always possible to write
up a region module that hooks up to the inventory server for this.
All is well.

However, the main obstacle to doing this is that at this time IARs have
an unsurmountable (and, in my opinion, unjustifiable) dependency on the
simulator code. More precisely, to de/archive objects in inventory, and
their inner inventories, IAR uses SceneObject, a class that is at the
center stage of the simulator. In other words, the inventory service
would have to load up the simulator code in memory just to de/archive
inventory...

While this dependency is not eliminated, IARs will continue to be stuck
to the simulator.

Master_Mirage wrote:

> On further thought, what if there were a setting in the  robust.ini that a
> grid owner can set that would ether allow remote iar save req. or not and if
> not then only IARs could be made on the host robust services and reject all
> other remote requests for the function.
>
> That way SA users would not be effected as the problem really is more one in
> full grid than SA anyway.
>
> just more thoughts
>
>
>
> -----
> Our New Web Page
> Http://www.TritonGrid.com
_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users
Reply | Threaded
Open this post in threaded view
|

Re: Save IAR function

Master_Mirage
Thank you diva. You have shed some light on it.
In our case the potental abuse is rather low beeing walled.
We really dont want tobe walled at all and with all of the changes in .7++ its looking alot more attractive to tearing them down finnaly. we would love nothing better than allow our servers to be shared as well as HG abuiltys. At the same time we also have to be reponcable to our users to. When we look at a new rev. we look hard at the potental for abuse or error, If it is verry low then we will comeout from behind our wall's :)
In fact alot of the past issues ether have been fixed or are beeing worked on in .7 on up and is why we had this converstaion about our grid and IAR's. We really are excited to see all the work Opensimulator has been doing.

Tnx
Our New Web Page
Http://www.TritonGrid.com
Reply | Threaded
Open this post in threaded view
|

Re: Save IAR function

justincc
In reply to this post by Diva Canto
[hidden email] wrote:

> Here are some technical details about IARs.
>
> IARs, logically, belong to the inventory service. Wherever the inventory
> service runs, IAR save/load should run. In standalone the inventory
> service runs in the same process as the sim; in a grid, it runs in a
> separate process. In a grid like OSGrid, it's always possible to write
> up a region module that hooks up to the inventory server for this.
> All is well.
>
> However, the main obstacle to doing this is that at this time IARs have
> an unsurmountable (and, in my opinion, unjustifiable) dependency on the
> simulator code. More precisely, to de/archive objects in inventory, and
> their inner inventories, IAR uses SceneObject, a class that is at the
> center stage of the simulator. In other words, the inventory service
> would have to load up the simulator code in memory just to de/archive
> inventory...

I completely agree, it isn't a good dependency.  It was a good tactical option for quick implementation but it would be great to be able to inspect objects without instantiating all the bagging of SceneObject.  I suspect no-one should hold their breath for this, though :-)

--
Justin Clark-Casey (justincc)
http://justincc.org
http://twitter.com/justincc
_______________________________________________
Opensim-users mailing list
[hidden email]
https://lists.berlios.de/mailman/listinfo/opensim-users