[Bf-python] misc reflexions...

guignot guignot at wanadoo.fr
Wed May 14 20:36:27 CEST 2003


1) Security.

I think everyone is aware of security and Blender.

These probs can be very important: suppose Blender is used in an 
industrial environment, for a virtual 3D movie.
Artists are not security specialists, and with very little social 
engineering, it would not be difficult to convince a 3D designer to open 
a .blend file...
Then the script opens a pipe, and sends me all the preliminary images of 
the film...
Even worse: the script detects a vulnerability in the computer, uploads 
a nasty prog, executes it, opens a pipe and binds a root shell to this 
pipe...

I had a look at the way Blender restricted the python interpreter. Quite 
obfuscated (this simply means that I didn't really understand...), and 
poorly designed (for instance, it was impossible to load the module 
random, and many scripts sucked...)

I think the best way to achieve correct security is to use the *rexec* 
module of python. I'm not very familiar with this module, but I think it 
can provide good (and easy to modify/maintain) security for Blender.

2) Compatibility.
Strictly speaking, if blender228 were compatible with 2.26, it should 
provide all (perhaps more) functionalities of 226, with the same syntax 
and semantics. But the complete list of this API has more than 2000 
lines and it has many flaws, for instance "shadow modules" (beginning 
with "_"). I don't think it necessary to reproduce these flaws :-) and 
few users are willing to use "Blender._Blender.Scene.get()..."

3) Do you know Source Navigator? Very very handy tool for exploring, 
modifying sources, GPL, Unix/Windows. Not -*-very-*- robust. Worth a 
try! (it's on sourceforge)

4) The module Curves is going on... Say 50% finished. Intensively used 
the Camera module, and the test file of Jan Walter.

See ya!
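
Added example, not part of the original message or of Blender's code: a static pre-flight audit of an embedded script's imports against an allowlist that admits random while flagging network and process modules, the two concerns raised in point 1. It uses Python 3's ast module rather than rexec (which does not exist in Python 3); the allowlist, the name audit_script and the sample script are assumptions, and a static check like this is a review aid, not a sandbox.

```python
import ast

# Assumed allowlist for illustration; not Blender's actual policy.
ALLOWED_MODULES = {"Blender", "math", "random"}
# Names that let a script load code without a plain import statement.
DYNAMIC_NAMES = {"__import__", "eval", "exec", "compile", "open"}


def audit_script(source):
    """Return a sorted list of (line, finding) for a script's text."""
    findings = []
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # A script that cannot be parsed cannot be vetted: report, do not run.
        return [(exc.lineno or 0, "unparseable script")]
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # Relative imports have no absolute module name to vet.
            absolute = node.level == 0 and node.module
            names = [node.module] if absolute else ["<relative>"]
        elif isinstance(node, ast.Name) and node.id in DYNAMIC_NAMES:
            findings.append((node.lineno, "dynamic name: " + node.id))
            continue
        else:
            continue
        for name in names:
            # Vet the top-level package: "os.path" is judged as "os".
            if name.split(".")[0] not in ALLOWED_MODULES:
                findings.append(
                    (node.lineno, "import outside allowlist: " + name))
    return sorted(findings)


# Constructed sample: text of a script as it might be stored in a scene file.
SAMPLE = """\
import Blender
import random
import socket
from os import popen
loader = __import__
"""

if __name__ == "__main__":
    for line, finding in audit_script(SAMPLE):
        print(line, finding)
```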


