[Bf-committers] "Security" gets in the way

Benjamin Tolputt btolputt at internode.on.net
Wed Apr 28 04:57:53 CEST 2010


Matt Ebb wrote:
> Sure, one can say "oh it's your fault for not enabling the options"
> but that brings me back to the original point - regardless of whether
> you want to blame the user or not, the existence of this 'security'
> does cause real practical problems. Especially in cases like I
> described above where you're tired and stressed meeting a deadline and
> the last thing on your mind is going to disable some stupid security
> preference and saving default preferences.

Well, first thing to note is that I think that the current
implementation is not really a solution and needs to be turfed. There is
no way of knowing if someone has tampered with a file on a website, so a
malicious user need only hack the web-site of someone putting up, say, a
useful base rig that was verified in the past as "secure". It is trivial
to then link Python code into every file then saved by Blender. Given
the fact Python is the problem - I don't see a solution with it as the
scripting foundation of Blender as things stand currently.

That said, I find the idea that one doesn't want to flick one extra
switch on initial setup a relatively weak reason not to include
security. There is always going to be a trade-off with security - it is
/built-in/ to the whole model of limiting what can be done so as not to
compromise/hurt yourself. And not allowing it to be set as the default
basically makes it useless (because those most vulnerable will not even
know to look for it to turn on).

I know & understand your position on this (I've lost count of how many
time a missing password or command line flag has meant an overnight data
processing run has come out bad); but that doesn't mean I agree with
your position that some small hassle ONCE on install outweighs security
concerns.

Our disagreement is all superfluous though because I think the current
security option is worse than none. It both provides an illusion of
security AND causes all the hassles (& more?) a real solution would entail.


More information about the Bf-committers mailing list