
Key: SVC-1086
Type: New Feature
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: kelly linden
Reporter: kelly linden
Votes: 84
Watchers: 59
2. Second Life Service - SVC

LSL http_server

Created: 18/Dec/07 09:49 AM   Updated: 08/Oct/09 09:44 PM
Component/s: LSL HTTP, Scripts, XML-RPC
Affects Version/s: None
Fix Version/s: 1.27 Server


Linden Lab Issue ID: DEV-6226


Description

Complete design: https://wiki.secondlife.com/wiki/LSL_http_server

Goals

Create an alternative to the XMLRPC server for communication with LSL scripts initiated from outside Second Life that is easy to use and scalable.

LSL

  • llRequestHTTPServerURL()

An asynchronous event with no return data.
This will create a capability on the cap server that maps to an internal simulator URL.
An http_event will be triggered with type 'SERVER_URL' and a body of the cap URL created.
If a cap already exists for this object, the existing URL will be passed to the http_event.
One server/url per prim.
Example public url: https://sim123.agni.lindenlab.com/cap/f23b4b94-012d-44f2-bd0c-16c328321221

  • llClearHTTPServerURL()

This will clear or invalidate the cap for this LSL HTTP server.
Calling llRegisterHTTPServer again after this should generate a new cap URL.
Triggers an http_event with success/fail (or always with 'success' if it is not possible to fail).

  • http_server(string method, list meta, string body)

Event triggered when a URL is hit.

  • method is GET/POST/PUT/DELETE
  • meta is a list of metadata about the request.
    o Initially this is only REQUESTING_HOST, which is the IP of the request. This can be extended later as needed.
  • body is the body of the request

  • http_event(integer type, string body)

Triggered for specific events relating to the HTTP server.

  • SERVER_URL: body will be the cap URL that maps to this script's HTTP server
  • URL_LOST: no body, triggered whenever a cap is lost or cleared
    o URLs will be lost if the object changes regions or the region restarts
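
The capability mapping described above, modelled as an added Python sketch (not Linden Lab's code and not part of the original issue). The class and method names, the placeholder host and the HTTP status codes are assumptions; it shows that the URL key is random rather than the prim's own key, that a second request reuses the cap, and that a cleared cap stops routing.

```python
import uuid

CAP_BASE = "https://sim.example.invalid/cap/"   # placeholder host, not a real sim
class CapServer:
    """Toy model of the cap server: at most one unguessable URL per prim."""
    def __init__(self):
        self.cap_to_prim, self.prim_to_cap = {}, {}
        self.events = []          # events delivered to scripts, in order

    def request_url(self, prim):
        """llRequestHTTPServerURL(): no return value, the URL arrives as an event."""
        cap = self.prim_to_cap.get(prim)
        if cap is None:
            # Fresh random key, never the prim's own key (uuid4 uses os.urandom).
            cap = str(uuid.uuid4())
            self.prim_to_cap[prim] = cap
            self.cap_to_prim[cap] = prim
        self.events.append((prim, "http_event", "SERVER_URL", CAP_BASE + cap))

    def lose_url(self, prim):
        """llClearHTTPServerURL(), region change or restart: the cap is dropped."""
        cap = self.prim_to_cap.pop(prim, None)
        if cap is not None:
            del self.cap_to_prim[cap]
            self.events.append((prim, "http_event", "URL_LOST", ""))

    def handle(self, method, url, host, body=""):
        """Route an outside request; the status codes are this sketch's assumption."""
        if method not in ("GET", "POST", "PUT", "DELETE"):
            return 405
        prim = self.cap_to_prim.get(url[len(CAP_BASE):]) if url.startswith(CAP_BASE) else None
        if prim is None:
            return 404            # unknown or revoked cap: no script event is raised
        self.events.append((prim, "http_server", method, [("REQUESTING_HOST", host)], body))
        return 200

def demo():
    caps, prim = CapServer(), str(uuid.uuid4())   # constructed prim (object) key
    caps.request_url(prim)
    first = caps.events[-1][3]
    caps.request_url(prim)                        # second call reuses the cap
    same = caps.events[-1][3] == first
    by_object_key = caps.handle("GET", CAP_BASE + prim, "192.0.2.7")
    ok = caps.handle("POST", first, "192.0.2.7", "hello")
    caps.lose_url(prim)
    after_clear = caps.handle("GET", first, "192.0.2.7")
    caps.request_url(prim)
    rotated = caps.events[-1][3] != first
    return same, by_object_key, ok, after_clear, rotated
```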


Change History
kelly linden made changes - 18/Dec/07 09:54 AM
Field Original Value New Value
Link This issue is duplicated by SVC-913 [ SVC-913 ]
kelly linden made changes - 18/Dec/07 10:48 AM
Priority Critical [ 2 ] Major [ 3 ]
Rob Linden made changes - 22/Dec/07 01:18 AM
Workflow jira [ 17916 ] jira-2007-12-21 [ 21556 ]
Rob Linden made changes - 22/Dec/07 01:55 AM
Workflow jira [ 21556 ] jira-2007-12-21 [ 23658 ]
Rob Linden made changes - 23/Dec/07 12:21 AM
Workflow jira-2007-12-21 [ 23658 ] jira-2007-12-22a [ 48652 ]
kelly linden made changes - 13/Jun/08 11:37 AM
Status Open [ 1 ] In Progress [ 3 ]
Cenji Neutra made changes - 13/Jun/08 05:48 PM
Comment [ Good stuff Kelly.

Q: How are DoS attacks against sims handled?
While an attacker can't guess the public URL since it contains a random UUID part (the cap key), wouldn't they still be able to bring a sim to its knees by just flooding HTTP requests with random (non-cap) requests? I realize the requests will be rejected by the server as invalid, but it still has to respond to them all and that'll cause legitimate incoming requests to be crowded out, no?
Is there any sort of source-IP address based throttling of the incoming requests handled upstream from the sim in the network path? That might not stop attacks that use bot nets or IP spoofing, but it'll stop the naive attacker who aims to bring the sim of someone they don't like down using a quick shell script or whatever (which is likely to be the most common case in my estimation).
]
anthony reisman made changes - 19/Aug/08 02:05 PM
Link This issue is related to by SVC-310 [ SVC-310 ]
Escort DeFarge made changes - 02/Sep/08 12:25 AM
Comment [ In case this hasn't made it into the design mix... if the key in the url were the object key, then it's extremely easy to imagine setting up a script/http client to achieve denial of service (i.e. griefing of this functionality). If the key returned is not the object key then it would be very hard to do that.
]
Hewee Zetkin made changes - 27/Oct/08 10:08 AM
Link This issue is related to by SVC-3331 [ SVC-3331 ]
Sue Linden made changes - 13/Nov/08 12:07 PM
Workflow jira-2007-12-22a [ 48652 ] jira-2008-11-14 [ 81556 ]
Sue Linden made changes - 13/Nov/08 04:34 PM
Workflow jira-2008-11-14 [ 81556 ] jira-2008-11-14a [ 88496 ]
Vampaerus Wysznik made changes - 18/Mar/09 05:47 AM
Link This issue is related to by SVC-3245 [ SVC-3245 ]
Stephen Psaltery made changes - 28/Mar/09 11:31 AM
Link This issue is related to by SVC-4048 [ SVC-4048 ]
Xugu Madison made changes - 08/Jul/09 06:05 AM
Link This issue is related to by SVC-4109 [ SVC-4109 ]
kelly linden made changes - 21/Jul/09 09:38 PM
Status In Progress [ 3 ] Resolved [ 5 ]
Fix Version/s 1.27 Server [ 10460 ]
Resolution Fixed [ 1 ]
Cinco Pizzicato made changes - 27/Jul/09 03:43 PM
Link This issue Relates to SVC-3297 [ SVC-3297 ]
Solo Mornington made changes - 07/Oct/09 11:43 AM
Link This issue is related to by SVC-4898 [ SVC-4898 ]