[Bf-committers] "Security" gets in the way
Benjamin Tolputt
btolputt at internode.on.net
Sat May 1 08:20:29 CEST 2010
Ruslan Merkulov wrote:
> I believe that security is 10% technical and 90% social problem, so
> "web of trust" + educating users on security issues seems to be most
> logical solution and requires the least amount of changes in Blender's
> and third party plugins' code. It seems to work for Mozilla Firefox,
> for example, which is another OSS project that has a rich plugin
> infrastructure. And it's killing two birds with one stone: both
> security and usability.
You are ignoring the difference between DOCUMENT and PLUGIN. Yes,
Mozilla relies on the user to trust the owner of the plugins they
install. But any documents opened in the browser are secured from wiping
your hard-drive.
This is the concept alot of people get confused about. No-one I know is
saying that the plugins & external scripts need to be secure. They NEED
access to sensitive resources (network, file system, etc) to do their
job. It is the fact that scripts within the blend file for the scene, or
"document", have access to the same level of functionality.
Any document that can be opened in FireFox and read/write files on your
hard-drive is rightly classified as exposing a bug in the software.
More information about the Bf-committers
mailing list