[Bf-python] misc reflexions...
guignot
guignot at wanadoo.fr
Wed May 14 20:36:27 CEST 2003
1) Security.
I think everyone is aware about security and Blender.
These probs can be very important : Suppose Blender is used in an
industrial environment, for a virtual 3D movie.
Artists are not security specialists, and with very little social
engineering, it would not be difficult to convince a 3D designer to open
a .blend file...
Then the script opens a pipe, and sends me all the preliminary images of
the film...
Even worse : ths script detects a vulnerability in the computer, uploads
a nasty prog, executes it, opens a pipe and binds a root shell to this
pipe...
I had a look at the way Blender restricted the python interpreter. Quite
obfuscated (this simply means that I didn't really understood...), and
poorly designed (for instance, it was impossible to load the module
random, and many scripts sucked...)
I think the best way to achieve a correct security is to use the *rexec*
module of python. I'm not very familiar with this module, but I think it
can provide good (and easy to modify/maintain ) security for Blender.
2) Compatibility.
Strictly speaking, if blender228 were compatible with 2.26, it should
provide all (perhaps more) functionnalities of 226, with the same syntax
and semantics. But the complete list of this API has more than 2000
lines and it has many flaws, for instance "shadow modules" (beginning
with "_" ). I don't think necessary to reproduce these flaws :-) and
few users are willing to use "Blender._Blender.Scene.get()... )
3) Do you know source navigator ? Very very handy tool for exploring,
modifying sources, GPL, Unix/Windows. Not -*-very-*- robust. Worth a
try! (it's on sourceforge )
4) The module Curves is going on... Say 50% finished. Intensively used
the Camera module, and the test file of Jan Walter.
See ya!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.blender.org/pipermail/bf-python/attachments/20030514/0ba57659/attachment.html>
More information about the Bf-python
mailing list