[Bf-committers] Blender 2.42 Web Browser Plugin
Erwin Coumans
erwin at erwincoumans.com
Sat Jul 8 19:44:18 CEST 2006
Thanks Stephen,
The web plugin has sandbox security, but it is not signed, but neither is
Blender/game player.
It's good to have this discussion.
>>Releasing something like this does not seem like a good idea.
So in return, Please correct me if I am missing something here:
Releasing an unsigned installer for an ActiveX control is less risky then
releasing an unsigned executable for Blender and its Game player, which are
both not sandboxed. For regular Blender and game player, people who open a
.blend and press 'p' have the risk of evil spirits to delete files, upload
files to another account etc. This risk is not existing in the safer
sandboxed ActiveX control/webplugin.
In the end, it would be better to have a company backing up the web plugin,
including some support and signing with verisign. I'll try to bring the web
plugin in a state that some company might back it.
:-)
Erwin
----- Original Message -----
From: "Stephen Swaney" <sswaney at centurytel.net>
To: "Erwin Coumans" <erwin at erwincoumans.com>; "bf-blender developers"
<bf-committers at projects.blender.org>
Sent: Saturday, July 08, 2006 10:17 AM
Subject: Re: [Bf-committers] Blender 2.42 Web Browser Plugin
> On Sat, Jul 08, 2006 at 09:54:33AM -0700, Erwin Coumans wrote:
>>
>> Hi Stephen Swaney,
>>
>> Did you just 'speculate' there is no sandbox, or did you verify that? Did
>> I
>> miss something?
>
> I did not go so far as to 'speculate'. I was asking for information.
> That was the meaning of
>
> >> Please correct me if I am missing something here,
>
> I know we had discussed sandboxing as a group and agreed there was a
> serious security issue to deal with. That was the last I heard on the
> subject; no proposals or solutions.
>
> Thanks for the info!
>
> --
> Stephen Swaney
> sswaney at centurytel.net
>
>
More information about the Bf-committers
mailing list