Friday, July 9, 2010

REST/HTTP Security and Configuration Settings for Snowglobe-375

Snowglobe-375 has a few extra security and configuration settings that control how external scripts access the API. You can override the defaults throughs the the "Show Debug Settings" menu option availabled in the Advanced menu.



For those not familiar with Snowglobe-375, it is a build of Snowglobe based on the official sources with the SNOW-375 patch applied.

Then popup then shows a drop-down list of variables that you can choose from and change. The ones we are interested here all start with "Interface" in the variable name.


Here is a list of of each variable name, and you'll notice a quick help text message in the popup.
  • InterfaceAllowConnections
  • InterfaceAllowRemoteConnections
  • InterfaceServerPort
  • InterfaceStartupCapability
  • InterfaceVerifySessionCookie
After you make a change you just click on the X (close) button and the change is saved. Further details for each variable:

InterfaceAllowConnections

Set to false if you want to deny any connection otherwise set to true to allow connections. If this is set to false then it essentially disables the entire REST/HTTP client/server API. You'll need to restart Snowglobe after you switch it to true to enable the interface again. Default is true.

InterfaceAllowRemoteConnections

Set to false to only allow connections from your local machine (those with the same IP address). Set to true if you want to allow remote connections which don't have the same IP address as your machine. This is useful for those that want to run Snowglobe on one machine and Icesphere on a different machine. Snowglobe's built-in HTTP server doesn't provide HTTPS listener, so don't set it to true unless your Snowglobe instance is secure from other remote connections, like behind a firewall.  Default is false.

There has been many request to be able to chat in-world from a laptop and run Snowglobe viewer on the desktop PC within a home network, so the InterfaceAllowRemoteConnections variable allows such option.

InterfaceServerPort

Set to a port number for incoming REST/HTTP connections the server listens upon. Default is 50140.

InterfaceStartupCapability

Set to an address URI that, if not blank or empty, will be used to upon startup to connect to an external application. If blank or empty, an external application has to be notified manually to connect to Snowglobe. This allows for automatic notification when Snowglobe is ready for API connections. Default is blank.

InterfaceVerifySessionCookie

Set to true add an extra security measure that enforces sessions verification for each API query. Set to false to disable sessions. The false value is useful to allow debugging and quality assurance tools that don't share the same session cookie. The true value denies connections that don't have the current session cookie. A cookie, in this sense, is randomly generated value per session used for each query. Basically, it can be used to lock-down the API to a single client/server connection. Default is true.

Let me know if this was helpful.