[Bf-committers] Do drivers have to be blocked as python scripts?

Mike Pan mike.c.pan at gmail.com
Fri May 23 18:46:18 CEST 2014


I don't think any type of checking will be safe against a determined
attacker. One could conceivably rename objects to contain malicious code,
and then use these as an RNA path in an expression.

-m


On Fri, May 23, 2014 at 8:57 AM, Vilem Novak <pildanovak at post.cz> wrote:

> Thanks for the reactions.
> From the proposed solutions, I think that the most sane solution would be
> some limitation for the one-line expressions, assumably all of those which
> Joshua proposed.
>
> Maybe there is a simple way to put all these limitations into a simple
> string-checking operation, just check if the expression does not have:
>
> anything else but driver vars, operators, math functions (this might be the
> complex part, to define what should be included in this)...
>
> I mean, rather check if there's what is allowed, then you don't have to
> care what all should be forbidden, because that is everything else...
>
> Of course, this can again lead to a similar situation - an artist does
> something not allowed, he is again stuck with not knowing what is wrong
> (e.g. on the renderfarm), but I assume it would be far fewer cases. I
> cannot currently imagine creative cases which would end like this.
>
> Regards
>
> Vilem
>
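
Added example, not part of the original thread and not Blender's code: the "check what is allowed" idea from the quoted message, done as an allowlist over the parsed expression tree instead of over the raw string. The function names and the set of permitted math functions are assumptions, and the check covers only the expression text, not the RNA paths mentioned in the reply.

```python
import ast
import math

# Assumed allowlist of callables and constants; a real driver namespace differs.
ALLOWED_FUNCS = {n: getattr(math, n) for n in ("sin", "cos", "sqrt", "floor", "radians")}
ALLOWED_FUNCS.update(abs=abs, min=min, max=max)
ALLOWED_CONSTS = {"pi": math.pi}

# Only these node types may appear. Attribute, Subscript, Lambda, string
# literals, keywords and ast.Pow (unbounded exponentiation can hang) are absent.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Compare, ast.BoolOp, ast.IfExp,
    ast.Call, ast.Name, ast.Load, ast.Constant, ast.unaryop, ast.cmpop, ast.boolop,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod,
)

def check_driver_expression(expr, driver_vars):
    """Return the reasons an expression is rejected; an empty list means allowed."""
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError) as exc:
        return [f"syntax error: {exc}"]
    problems, callees = [], set()
    known = set(driver_vars) | set(ALLOWED_CONSTS)
    for node in ast.walk(tree):  # breadth-first: a Call is seen before its callee
        if not isinstance(node, ALLOWED_NODES):
            problems.append(f"{type(node).__name__} is not allowed")
        elif isinstance(node, ast.Call):
            if isinstance(node.func, ast.Name) and node.func.id in ALLOWED_FUNCS:
                callees.add(id(node.func))
            else:
                problems.append("call target is not an allowed function")
        elif isinstance(node, ast.Name):
            if id(node) not in callees and node.id not in known:
                problems.append(f"unknown name {node.id!r}")
        elif isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            problems.append("only numeric literals are allowed")
    return problems

def evaluate_driver(expr, driver_vars):
    """Evaluate expr only after it passes the allowlist check."""
    problems = check_driver_expression(expr, driver_vars)
    if problems:
        raise ValueError("; ".join(problems))
    namespace = {**driver_vars, **ALLOWED_CONSTS, **ALLOWED_FUNCS, "__builtins__": {}}
    return eval(expr, namespace)
```

Returning the list of reasons, rather than a bare pass/fail, gives the artist on the render farm something to act on when an expression is refused.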

