[Bf-committers] "Security" gets in the way
Charles Wardlaw
cwardlaw at marchentertainment.com
Thu Apr 29 05:44:30 CEST 2010
> According to the Maya documentation, there is a check-box that allows
> you to disable the execution of "script nodes" when opening the file.
> This would indeed be a "security measure" available and there has been
> no uproar on it that I've heard of.
It's actually not a security measure, although I can see why it could
be viewed as such.
That feature is in there because sometimes Maya can save out files it
cannot read back in, and often the only way to get at your data in
order to salvage some of it is to disable scripts and expressions. I'm
using that feature at work to debug some inherited assets because when
I load them up straight Maya likes to hang.
But there's a difference between that and what Blender's currently
doing: that "security" feature is opt-in. Blender's is not, but in my
opinion should be.
And as an aside, that feature in Maya can be gotten around with
deferred execution and a hack in a Maya ASCII file. Again: not
security, but a debugging tool.
I'm surprised that nobody has mentioned the simple solution of
disallowing automatic scripts and scripted constraints from accessing
the os and sys modules (perhaps limiting imports to only bpy). It'd be
easy enough to implement as a security measure by just scanning the
code or executing the code in a space where those modules were never
importable, but wouldn't break rigs.
~ C
>
More information about the Bf-committers
mailing list