[Bf-committers] "Security" gets in the way
Benjamin Tolputt
btolputt at internode.on.net
Thu Apr 29 02:31:50 CEST 2010
Charles Wardlaw wrote:
> The simple answer is: they don't. If Maya tried to add security settings to files you can bet your own child the uproar would be heard into space, and they'd roll back the change pretty quickly.
>
According to the Maya documentation, there is a check-box that allows
you to disable the execution of "script nodes" when opening the file.
This would indeed be a "security measure" available and there has been
no uproar on it that I've heard of.
> The same goes for all other packages I've used which implement Python.
>
See my earlier email on HOW Python is used in these applications as
compared to Blender. Maya indeed uses Python in it's expressions(with
the explicit capability of turning them off on open) like Blender does.
The other "heavy hitter" applications do not. Their use of Python is in
the construction of plugins from script - not in the embedding of Python
in expressions used in rigs.
joe wrote:
> Why do we need these "security" features anyway? It's not like there
> aren't tons of exploits that could be taken advantage off anyway.
> Blender is a producton 3d app, not a web browser.
>
Because Blender is a free modelling, animation, rendering application
made available to all people wanting to get their hands dirty in 3D
graphics. It is not just production studios that use it, but tens of
thousands of people that wish they could be in graphics production. Some
of them are working realistically towards that goal (training themselves
and putting together better & more complex scenes/animations) and some
are just playing at the shallow end of the pool playing with rigs and
scripts they download online (alot like the Renderosity crowd of Poser
users). Overall though, a fair proportion of these users (that
significantly outnumber professional users) will have no concept if what
a production environment IS, let alone any security implications therein.
Provided Blender continues to get more popular (and I don't see any
reason why not, I've got pro artists hanging out for the "easier to use
Blender 2.5"); this means more & more casual users. As this casual user
base grows, it becomes a more inviting target for malware authors.
More information about the Bf-committers
mailing list