An explanation of how the PIN is used and other things that can’t be crammed into a group notice.
Just a little note: it’s 4-digit numeric only for now, although I’m wondering what you would think about having 1,679,616 possible combinations instead of 10,000.
How the PIN is used
The PIN is used with the secret sauce in the API scripts for SLOpenID’s services. At the time of posting, only SLNTPoHTTP (Second Life Needs Time Parsing over Hyper Text Transfer Protocol) has a fully working API.
SLOpenID API scripts will be set to no-mod, with full copy & transfer perms, so as to prevent distribution of maliciously altered code. Since you won’t be able to modify the source code of the API scripts, you’ll be needing to use the linked message functions.
Security Warning
Because you’ll be using link messages, and you’ll likely be wanting to give the products using the SLOpenID services out to peeps, it’s not advisable to leave the scripts or object with mod perms on them. If you leave the script with full modify rights, peeps can nab your service PIN and masquerade as yourself (as far as the server is concerned). If you leave the object with modify rights on it, peeps can drop in a listener and grab your PIN that way, and “inject” requests. This will of course be taken care of the moment the suitable LSL functions are made available (e.g. getting the creator of inventory items, and identifying which script a link message comes from), but for now, for your own sake and ours, please take these two simple security precautions under advisement.
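One way to enforce the two precautions above from inside your own script, as an added example (not SLOpenID code): it withholds the PIN whenever the current owner has modify rights on the object or the script. The PIN value, the link-message number and the "PIN|request" string layout are placeholders, and the creator check assumes you built the prim yourself.

```lsl
// Added example, not part of the SLOpenID API scripts.
string  SERVICE_PIN  = "0000";   // placeholder PIN
integer API_LINK_NUM = 9000;     // hypothetical link-message number for the API script

// TRUE when the current owner could read the PIN or listen for it.
integer pinExposed()
{
    // The creator always has modify rights; only a handed-out copy matters here.
    if (llGetOwner() == llGetCreator()) return FALSE;
    // Object is mod: the owner can drop in a script with a link_message event.
    if (llGetObjectPermMask(MASK_OWNER) & PERM_MODIFY) return TRUE;
    // Script is mod: the owner can open it and read SERVICE_PIN.
    if (llGetInventoryPermMask(llGetScriptName(), MASK_OWNER) & PERM_MODIFY) return TRUE;
    return FALSE;
}

// Run for the creator: warn if the next owner would receive modify rights.
checkNextOwnerPerms()
{
    if (llGetObjectPermMask(MASK_NEXT) & PERM_MODIFY)
        llOwnerSay("Object is mod for the next owner; remove modify before giving it out.");
    if (llGetInventoryPermMask(llGetScriptName(), MASK_NEXT) & PERM_MODIFY)
        llOwnerSay("Script is mod for the next owner; remove modify before giving it out.");
}

sendRequest(string request)
{
    if (pinExposed())
    {
        llOwnerSay("Modify rights detected; request not sent.");
        return;
    }
    // LINK_THIS keeps the message inside the prim that holds this script.
    llMessageLinked(LINK_THIS, API_LINK_NUM, SERVICE_PIN + "|" + request, NULL_KEY);
}

default
{
    state_entry()
    {
        if (llGetOwner() == llGetCreator()) checkNextOwnerPerms();
        sendRequest("time");   // placeholder request string
    }
    changed(integer change)
    {
        if (change & CHANGED_OWNER) llResetScript();   // re-check for each new owner
    }
}
```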
Other security notice
The observant among you will notice that we don’t have SSL installed yet. This is because of the way DreamHost operates, not due to any lack of desire or priority on our part. If we could, we would install a self-signed certificate while we save up for a kick-ass uber-high encryption rate certificate, but alas, we cannot.
This does mean that your passwords are being sent in plain text, and for the security conscious or paranoid among you, this means that people do have the ability to read your passwords if they are looking. So, as always with these kinds of things: do not use your Second Life password; do not use a password you use for any sensitive accounts such as online banking; and, where possible, rely on the ability to change your password to a random one with the HUD. While this state of affairs is only a temporary measure, you should, as a means of good practice, avoid using the same password for different services wherever possible.