[Bf-committers] Blender security paranoia

[Benjamin Tolputt]

Ton Roosendaal wrote:
> I would consider such a popup the worst of all compromises. If every  
> other option has been exhausted, maybe.
>   

Without disrespect, there really are no other compromises for security
purposes. Either you remove or otherwise sandbox the internal
PyConstraints & other automatic Python hooks coming from the .blend file
(something I think we've determined is impossible at this point in time)
or you warn the user about the possibility of untrusted scripts with a
pop-up (with possibility of disabling them). With the first (safest)
option removed due to design/time constraints - it really only leaves
the poor man's security of warning the user.

Python has access to everything the user account does that ran Blender.
Either you limit that (currently impossible) or you give the user a
chance to think about the action. It is pretty much the same thing as
opening an EXE attachement from an email without anti-virus software.
The email client cannot determine that the exe is safe or not, so warns
the user. Like most of this software, Blender can have a "I know what
the hell I'm doing" switch / command line flag that disables the pop-up
if desired. I really can't see any other choice aside from ignoring the
problem outright.

-- 
Regards,

Benjamin Tolputt
Analyst Programmer