[Bf-committers] Blender security paranoia
leif.a.andersen at gmail.com
Wed Mar 24 21:40:39 CET 2010
Well. I suppose we could take (gags) the apple app store model...where
trusted devs review every plugin that is sanctioned by blender, and just
leave the artists to fend for themselves if they choose to install any 3rd
party plugins. There does seem to be a good foundation for this already:
It seems like this is the approach being taken, and some of these emails
have started to convince me that it is a good enough to leave it alone.
With that being said, I still think that building an integrated plugin
center, or personal tracker (something like http://my.gpodder.org/ would be
a good thing for blender).
My first contribution to the blender community:
On Wed, Mar 24, 2010 at 14:18, Benjamin Tolputt
<btolputt at internode.on.net>wrote:
> Ton Roosendaal wrote:
> > I would consider such a popup the worst of all compromises. If every
> > other option has been exhausted, maybe.
> Without disrespect, there really are no other compromises for security
> purposes. Either you remove or otherwise sandbox the internal
> PyConstraints & other automatic Python hooks coming from the .blend file
> (something I think we've determined is impossible at this point in time)
> or you warn the user about the possibility of untrusted scripts with a
> pop-up (with possibility of disabling them). With the first (safest)
> option removed due to design/time constraints - it really only leaves
> the poor man's security of warning the user.
> Python has access to everything the user account does that ran Blender.
> Either you limit that (currently impossible) or you give the user a
> chance to think about the action. It is pretty much the same thing as
> opening an EXE attachement from an email without anti-virus software.
> The email client cannot determine that the exe is safe or not, so warns
> the user. Like most of this software, Blender can have a "I know what
> the hell I'm doing" switch / command line flag that disables the pop-up
> if desired. I really can't see any other choice aside from ignoring the
> problem outright.
> Benjamin Tolputt
> Analyst Programmer
> Bf-committers mailing list
> Bf-committers at blender.org
More information about the Bf-committers