Orb Offcourse {L_WROTE}:
The region touts that you can make your purchases with Globits and take those purchases back to your home grid. I'm not so concerned that the Globits aren't secure, but my worry is that once an item has been delivered back to the home grid for the customer, have extra steps been taken that would prevent the database owner from opening the db in a query browser and changing the permissions or the owner, or the creator to themselves? I've had to do that for my own items a few times (I wasn't smart enough to use the same UUID for myself when we moved from 6 to 7 and the grid had to be remade from oars, I know better now).
If you run your own region, then you run your own region database. So whatever someone rezzes on your region can be altered. Besides tampering with the database it's also possible to request admin rights and just fullperm/become owner (but not creator) through the admin menu.
That is the case on open grids. Closed/commercial grids usually don't allow this since besides controlling the grid services they manage all customers regions and decide what their customers are permitted to do with the regions.
I have never heard of a case where someone deliberately put themselves as creator for bragging rights or whatever, so don't worry. Throughout the whole hypergrid metaverse you'll see things here and there that have a different name than the original creator. This is because some people don't know to take care of preserving the creator name when exporting/importing. Also, that preserving wasn't even possible until about OpenSim 0.8+ and there is still a lot of older content out there.
Orb Offcourse {L_WROTE}:
I'd like to sell some items in OpenSim but I don't want to end up in the situation where my items are copied out of OS and uploaded to SL (where I also sell some of those same items) such that I end up competing with my own products for sell at a lower price.
I wouldn't worry about this at all. Remember, such people don't buy your stuff to then copy it. They just copy it regardless, wherever they come across it; it only has to be visible to their copybot viewer inworld. I would worry more about what you sell in SL to be botted and then resold, since the chance of botting is a gazillion times higher in SL than in OpenSim. Botters flock to places with the neatest stuff, and OpenSim isn't that place.
Orb Offcourse {L_WROTE}:
So, that's my honest question. I'm just looking for an honest answer. If nothing has been done to secure those listings in the database, if they are in there just as all the other assets are without any other safeguards, I know the fields can be overwritten to whatever the person editing the database wants. I'd love a secure way to sell in OS, I'm hoping extra steps have been taken to protect the content, but... have they? Is there anyone in the know that can enlighten me?
This is about 2 DB's. One is assets controlled by the grid.. but when a resident rezzes something to their region... a copy of it is made into the region DB. Correct me if wrong please.
The region database protection is only ever as secure as the database administrator makes it to be. And that DB admin is whoever runs that region on their computer/server of which a creator has no say about.
The only way to protect stuff with the perms set is to sell only to non-open tightly controlled grids..
Orb Offcourse {L_WROTE}:
And... while typing this up, I also had the thought, these items, once back in their home grid, will they also export with OARS and IARS like the rest of the assets? OARS and IARS are nothing more than zipped folders. You can open them with 7-zip and see (copy/mod) the items. Textures for example are exported as jpeg2000 format graphics. Once exported and double unzipped (you'll have to unzip twice to see the files, so, unzip the folder, then unzip the folder created on the first unzip) textures (as is) are surely not secure. So clothing wise, the person may have to make the item over again but the texture is the key to remaking an item and that they will end up with it in their OARS and IARS if no other steps have been taken to secure the content.
I'm not sure if this is it, but a grid can have in Robust.ini:
{L_CODE}:
;; Allow supporting viewers to export content
;; Set to false to prevent export
ExportSupported = true
I know some grids add second meaning to certain combinations of permissions, which I think is a total wrong approach and breaks expectations of established permissions as we know them. Really they should submit a patch to have the [X] Export permission working in the viewer instead.
Anyway this permission is usually Copy AND Transfer and then your item can be saved in an IAR or OAR backup. Another weird one I came across on a grid is if Object Price > 0 then it's decided to not be exportable. Really bad, certainly a grid where I will not settle down with my store because then hypergridders won't be able to buy and take their item home.
Orb Offcourse {L_WROTE}:
And, do these same security holes apply to Kitely since they also allow the items to be delivered back to the home grid? Or has Kitely taken extra steps to prevent this type of theft from happening?
If you intend to sell on Kitely market, you can choose to NOT mark your product as export, and they won't be saved in OARs (Kitely doesn't support IARs yet). Also the customer won't be able to wear the item when hypergridding, or take it in their 'My Suitcase' folder. Note that when an item is not marked as export, other grids than Kitely won't be able to buy it from you since the product can't be delivered to other grids when it's not exportable. The item can then only be used by Kitely users in the Kitely grid. I suggest asking the Kitely forums for more info.