[Bf-committers] Blender 2.42 Web Browser Plugin

Erwin Coumans erwin at erwincoumans.com
Sat Jul 8 19:44:18 CEST 2006


Thanks Stephen,

The web plugin has sandbox security, but it is not signed, but neither is 
Blender/game player.
It's good to have this discussion.

>>Releasing something like this does not seem like a good idea.

So in return, Please correct me if I am missing something here:
Releasing an unsigned installer for an ActiveX control is less risky then 
releasing an unsigned executable for Blender and its Game player, which are 
both not sandboxed. For regular Blender and game player, people who open a 
.blend and press 'p' have the risk of evil spirits to delete files, upload 
files to another account etc. This risk is not existing in the safer 
sandboxed ActiveX control/webplugin.

In the end, it would be better to have a company backing up the web plugin, 
including some support and signing with verisign. I'll try to bring the web 
plugin in a state that some company might back it.

:-)
Erwin

----- Original Message ----- 
From: "Stephen Swaney" <sswaney at centurytel.net>
To: "Erwin Coumans" <erwin at erwincoumans.com>; "bf-blender developers" 
<bf-committers at projects.blender.org>
Sent: Saturday, July 08, 2006 10:17 AM
Subject: Re: [Bf-committers] Blender 2.42 Web Browser Plugin


> On Sat, Jul 08, 2006 at 09:54:33AM -0700, Erwin Coumans wrote:
>>
>> Hi Stephen Swaney,
>>
>> Did you just 'speculate' there is no sandbox, or did you verify that? Did 
>> I
>> miss something?
>
> I did not go so far as to 'speculate'.  I was asking for information.
> That was the meaning of
>
>  >> Please correct me if I am missing something here,
>
> I know we had discussed sandboxing as a group and agreed there was a
> serious security issue to deal with.  That was the last I heard on the
> subject; no proposals or solutions.
>
> Thanks for the info!
>
> -- 
> Stephen Swaney
> sswaney at centurytel.net
>
> 




More information about the Bf-committers mailing list