[Bf-python] misc reflexions...
Willian Padovani Germano
wgermano at ig.com.br
Thu May 15 13:44:40 CEST 2003
Hi,
On Wed, 2003-05-14 at 15:36, guignot wrote:
> 1) Security.
>
> I think everyone is aware about security and Blender.
> I had a look at the way Blender restricted the python interpreter. Quite
> obfuscated (this simply means that I didn't really understood...), and
> poorly designed (for instance, it was impossible to load the module
> random, and many scripts sucked...)
This is to become obsolete once the new implementation becomes usable.
But we'll then need to take care of security, etc. in the new (and more
readable) code.
> I think the best way to achieve a correct security is to use the *rexec*
> module of python. I'm not very familiar with this module, but I think it
> can provide good (and easy to modify/maintain ) security for Blender.
I check it, thanks. But this one is a python module, we'd need freeze
to use it and getting rid of freeze is one of the reasons behind
implementing the new api.
Since all the embedding is now done in C, we need a clean way to, in C,
restrict certain things:
- restricting file access to user defined (if they choose to do so)
folders;
- avoid use of the system() function, that executes external programs.
There's also the problem of scripts crashing or hanging Blender itself
by making it perform very time- or memory-consuming actions (which btw
rexec documentation says it doesn't cover), but this one is not that
bad.
> 2) Compatibility.
> Strictly speaking, if blender228 were compatible with 2.26, it should
> provide all (perhaps more) functionnalities of 226, with the same syntax
> and semantics. But the complete list of this API has more than 2000
> lines and it has many flaws, for instance "shadow modules" (beginning
> with "_" ). I don't think necessary to reproduce these flaws :-) and
> few users are willing to use "Blender._Blender.Scene.get()... )
Don't worry about that, shadow, for example, will be gone. There's no
use for it now. The API is being cleaned, expanded. What is good about
it is that it in part reproduces the Blender internal ways.
> 4) The module Curves is going on... Say 50% finished. Intensively used
> the Camera module, and the test file of Jan Walter.
Great : ).
--
Willian, wgermano at ig.com.br
More information about the Bf-python
mailing list