[Bf-python] Re: ID Properties and python hook scripts

Roland Hess rolandh at reed-witting.com
Wed Oct 11 13:31:56 CEST 2006


What constitutes a "trusted" script and who makes that determination?  
If it's the BF and the committer team that makes the call, then a  
fairly decent way presents itself:

1. Use a public/private key encryptor. The private key is maintained  
by the BF, and the public key is distributed within the sources (and  
thus within the blender binary too.)

2. At the BF, a hash is made of the script. The hash result is then
encrypted with the private key. This encryption result is appended to the
text script, with appropriate header information.

3. When Blender tries to run the script, it reads the encryption  
result from the header; decrypts with the public, distributed key;  
makes a hash from the plain text script (without the encrypted header  
of course), then compares hashes. If the hashes match, Blender allows  
"trusted script" access.

Pros: Scripts do not have to be bundled with Blender necessarily.  
Anyone who can get a committer or the BF to approve their script and  
give them a hashed/encrypted header can distribute as they choose.  
Also, the scripts remain in plain text format, making them easily  
examinable and accessible by the users or future coders. This  
procedure is analogous to the common practice of digitally signing  
the hash of a message. In fact, this is exactly what it is. If you  
want to do "trusted scripts", there's no reason not to do it right.

Cons: Any time you make a bug fix to the script, you have to have the  
header recreated with the private key.

Security pitfalls: The private key must be kept private.

Roland Hess - harkyman
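
Added example, not part of the original message or of Blender's code: the three steps above in Python, using unpadded textbook RSA over a SHA-256 hash so it runs on the standard library alone. The key (built from two Mersenne primes) and the `# TRUSTED-SIG:` line format are constructed for illustration; a deployment would use a padded signature scheme from a vetted library.

```python
import hashlib

# Constructed demo key: two Mersenne primes, trivially factorable. Not a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, shipped with the application
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held only by the signer

MARKER = "# TRUSTED-SIG: "             # hypothetical signature line format
HEX = set("0123456789abcdef")


def digest(body: str) -> int:
    """SHA-256 of the script body as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(body.encode("utf-8")).digest(), "big")


def sign_script(body: str) -> str:
    """Step 2: hash the script, transform the hash with the private key,
    and append the result as a comment line so the script stays plain text."""
    if not body.endswith("\n"):
        body += "\n"
    sig = pow(digest(body), D, N)
    return f"{body}{MARKER}{sig:x}\n"


def is_trusted(text: str) -> bool:
    """Step 3: recover the signed hash with the public key and compare it
    with a fresh hash of the script minus its signature line."""
    body, sep, tail = text.rpartition(MARKER)
    sig_hex = tail.rstrip("\n")
    # Reject: no signature line, marker not at the start of a line,
    # or any text after the signature (it would not be covered by the hash).
    if not sep or not body.endswith("\n") or "\n" in sig_hex:
        return False
    # Reject empty or non-hex signature values before parsing them.
    if not sig_hex or set(sig_hex) - HEX:
        return False
    sig = int(sig_hex, 16)
    return sig < N and pow(sig, E, N) == digest(body)


if __name__ == "__main__":
    script = "import Blender\nprint('hello')\n"     # constructed sample script
    signed = sign_script(script)
    print("signed copy trusted:  ", is_trusted(signed))
    print("edited copy trusted:  ", is_trusted(signed.replace("hello", "HELLO")))
    print("unsigned copy trusted:", is_trusted(script))
```

The check also fails for a script with lines added after the signature, which is the case a naive "find the header and verify it" implementation tends to miss.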

