[Bf-committers] Please turn off Auto Run Python Scripts by default
Jason van Gumster
jason at handturkeystudios.com
Wed Jun 5 17:16:54 CEST 2013
Ton Roosendaal <ton at blender.org> wrote:
> Hi,
>
> > Things
> > that we need to do are in the file manipulation range, such as moving or
> > renaming large numbers of files
>
> Well, that you can do outside Blender via regular Python too?
>
> Further - if we can make file manipulations in the UI work sane/safe (and
> usable still), the hacked os module would just do same :) You will also
> define your own blends to be 'trusted' and allow scripts there to write
> anywhere you want (or not).
>
> -Ton-
This is likely to be problematic. I know I've relied on the os module for a
number of my own internal scripts for pipeline as well as other tasks... and
not just for file I/O. For example, the subprocess library is likely a huge
security hole, but it's incredibly useful (almost required) for calling
programs that don't have a Python API (or only a python2 API). Sure, a lot of
these things could be done outside of Blender, but it's far more convenient to
have it inside... especially for external artists who don't roll their own
Blender.
In addition to my own esoteric scripts, I'd be curious about how this might
impact Import/Export scripts as well as external renderers.
-Jason
More information about the Bf-committers
mailing list