[Bf-committers] Please turn off Auto Run Python Scripts by default
Jürgen Herrmann
shadowrom at me.com
Tue Jun 4 20:13:55 CEST 2013
Oh my, this is a delicate topic here.
The security expert within me is furiously trying to break out of his cage,
while the Blender user within me tries to keep the door closed ;)
I must admit David is right in this. We should protect our users from
malicious blend files.
I would suggest a dialogue box that warns of these scripts. This box could
have a checkbox like M$ Word ("Never show this message again").
So the users can decide whether they want to be protected or not.
/Jürgen
-----Ursprüngliche Nachricht-----
Von: bf-committers-bounces at blender.org
[mailto:bf-committers-bounces at blender.org] Im Auftrag von David Jeske
Gesendet: Dienstag, 4. Juni 2013 19:59
An: bf-blender developers
Betreff: Re: [Bf-committers] Please turn off Auto Run Python Scripts by
default
On Tue, Jun 4, 2013 at 8:05 AM, Brecht Van Lommel <
brechtvanlommel at pandora.be> wrote:
> Here's another discussion where the popup idea comes up:
> http://lists.blender.org/pipermail/bf-committers/2010-March/026573.htm
> l
>
> It's a tradeoff, do we really want to degrade usability for this?
I don't think this is a question of degrading expert blender usability.
It's a question of protecting a broader less expert userbase from malicious
blend files.
I think your previous post is an excellent case for not SILENTLY disabling
scripts by default. [1] However, this is not the only option. For nearly a
decade MS-Word has been using a challenge dialog before running scripts. Is
there ideological opposition to default to showing a dialog before
processing python scripts in a blend file?
The decision at the time was that no, we do not. Also note that even
> disabling scripts does not make Blender secure, there's dozens of
> other ways to create malicious .blend files.
>
What are the other "dozen" ways blender could
read/destroy/send-files-to-the-internet/install-viruses with python scripts
disabled?
[1] http://lists.blender.org/pipermail/bf-committers/2010-April/027216.html
_______________________________________________
Bf-committers mailing list
Bf-committers at blender.org
http://lists.blender.org/mailman/listinfo/bf-committers
More information about the Bf-committers
mailing list