Question: Access list, but when do we get a ban list?


Access list is handy, but you close the door for everybody except on the list.
But what if somebody wants to ban a griefer for some reason ?

mabey good time to talk about this part of virtual world ?


I already do estate security for other virtual worlds. Looking forward to doing the same for HF domains. Now, do the scripts in entities run in the stack manager? What kind of latency is expected of them?


Scripts in entities run clientside. So it wouldn’t stop a modified client from accessing.


I’d just like to see it 100% certain only allowed editors for a domain can place, edit, remove objects. It seems even that isn’t as absolute as we might like to think. It’s back to you either have a closed domain or you play the clear trash/restore deleted objects game on a near daily basis.

Then we can get into all those advanced things like parceling and access control on a less than full domain scale. Also when it comes to what seems to be of interest in domains… here’s a fun exercise, write a parser to correlate your domain access log to your web server log and see how many requests for assets come when your domain is empty. In my case… about 2.9% correlated to no agents in domain when request was made and requesting User Agent string matched HF’s UA string.

Edit - something about this kept bothering me - it wasn’t twenty nine percent it was 2.9 (two point nine percent). That being said - it was 100% too many.

Once I closed my domain to public access, had it removed from visible listings and changed my URL references I went back to a 100% correlation between assets fetched and agent presence in domain.


I rather wish I could find an architecture specification on all this. Earlier I was told that scripts in entities do not run in the interface (if by ‘client’ you mean the interface app). Scripts in entities run in the distributed servers, and yes that broadens the trust chain to an unmanageable level. This is something in need of specification: where do entity scripts run, is there or will there be a preference property to marshal them onto trusted severs.


Why not just put in an htaccess to block it from MOST unauthorized downloads?

SetEnvIfNoCase User-Agent .*HighFidelityInterface.* hifi

Order Deny,Allow
Deny from All
Allow from env=hifi



I hope this usefull for you,

It’s mabey not complete uptodate, lot’s of things changed. @chris how much is still valid on this architecture diagram ?


@Richardus.Raymakerit, the diagram is accurate. Except Voxel server is an Entity server.