Where’s your headers at?

I am so close to having a working solution or my delivery system. I’m able to:

  • touch an object
  • send a inventory request to a server
  • validate the object has authorization for such a request
  • throw the request in a queue
  • have a worker process pick up the queue
  • find a drop box that is online and has the inventory
  • send the drop box a command to deliver

That’s a lot to get worked out. The problem is how I instruct my box to make a delivery. I have to tell it wat item to deliver, and who it should deliver to. I thought I could simply read a custom header such as llGetHTTPHeader(id, “inventory”). It seems that the platform is restricting my headers from getting through. I sent my request to a PHP page just to confirm if the header was being sent in the first place, and yep – they were.

I reported a bug about it with [SVC 5250] – Headers missing from llGetHTTPHeader. I’ll have to look at another way of sending data to the objects. It could be as simple as hijacking a common HTTP header such as “User-Agent”, since I am able confirm that I can change and read that one. It just seems a bit silly for a solution. I could also add it to the path (x-path-info) or add a query string (x-query- string).

Headers just seemed to make more sense since it’s harder for people to imitate and are kind of hidden. Of course, obscurity through security is not secure at all since there are ways to monitor what is going on.

My hands are numb from the low temperatures in the house and it’s a bit hard to type. I’ll be turning in now.

posted by Dedric Mauriac on Applewood using a blogHUD : [blogHUD permalink]

Comments are closed.

%d bloggers like this: