[Bf-committers] Please turn off Auto Run Python Scripts by default
Shrinidhi Rao
shrinidhi666 at gmail.com
Wed Jun 5 17:29:52 CEST 2013
Disabling os module might cause a lot of problems. Pipeline and other batch
scripts rely on it a lot.
We also use a lot of absolute path in our pipeline scripts since we move a
lot of files across directories for version control , publishing to the
next stage , import directories of the stages , etc ., etc . using relative
paths causes a lot of problems here .
A cli option to disable all this security thingies would be great boon if
at all the security measures are implemented.
On Wed, Jun 5, 2013 at 8:46 PM, Jason van Gumster <
jason at handturkeystudios.com> wrote:
>
> Ton Roosendaal <ton at blender.org> wrote:
>
> > Hi,
> >
> > > Things
> > > that we need to do are in the file manipulation range, such as moving
> or
> > > renaming large numbers of files
> >
> > Well, that you can do outside Blender via regular Python too?
> >
> > Further - if we can make file manipulations in the UI work sane/safe (and
> > usable still), the hacked os module would just do same :) You will also
> > define your own blends to be 'trusted' and allow scripts there to write
> > anywhere you want (or not).
> >
> > -Ton-
>
> This is likely to be problematic. I know I've relied on the os module for a
> number of my own internal scripts for pipeline as well as other tasks...
> and
> not just for file I/O. For example, the subprocess library is likely a huge
> security hole, but it's incredibly useful (almost required) for calling
> programs that don't have a Python API (or only a python2 API). Sure, a lot
> of
> these things could be done outside of Blender, but it's far more
> convenient to
> have it inside... especially for external artists who don't roll their own
> Blender.
>
> In addition to my own esoteric scripts, I'd be curious about how this might
> impact Import/Export scripts as well as external renderers.
>
> -Jason
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers
>
--
regards
- shrinidhi
Even god fails to understand a human until his death!
http://www.linkedin.com/in/shrinidhi666
https://github.com/shrinidhi666
<http://www.imdb.com/name/nm3025616>
More information about the Bf-committers
mailing list