Trust script

A trust script is used to allow a Core to verify that a Device trying to connect to it was created by the creator of the trust script. Here's a bad example of a trust script: // Trust script for creator trustw0rthyscript0r: integer ORIX_IN = -15180924; integer ORIX_OUT = -15180925; default { link_message(integer sender_num, integer num, string str, key id) { if (num == ORIX_IN) { // This is a trust request if (str == "Trust me!") {	// very bad test! llMessageLinked(LINK_THIS, ORIX_OUT, "trustw0rthyscript0r", id); }    	}     }  } It is a bad trust script because nastyHaxx0r could simply buy a Device by trustw0rthyscript0r, the author of this script, observe the messages sent by it, notice that the trust string is always "Trust me!", and write a Device script that would send that string, thus convincing a Core that it was written by trustw0rthyscript0r.

A good trust script should use a string that isn't always the same. One good way to do this is to make the string include an encoded version of the system time (llGetUnixTime). The trust script could then decode that, and verify that the decoded time is the same as, or a few seconds earlier than, the current time. Now when nastyHaxx0r tries to figure out the trust string, it changes every time, yet when he writes a Device script that sends the same string trustw0rthyscript0r's Device sent, it is refused - because the time does not match.

This isn't a perfect security system, of course, but it should be good enough to make breaking it too much trouble to be worth it for most causal griefers. There are easier targets that will annoy more people.