[Bf-python] Re: ID Properties and python hook scripts
Roland Hess
rolandh at reed-witting.com
Wed Oct 11 13:31:56 CEST 2006
What constitutes a "trusted" script and who makes that determination?
If it's the BF and the committer team that makes the call, then a
fairly decent way presents itself:
1. Use a public/private key encryptor. The private key is maintained
by the BF, and the public key is distributed within the sources (and
thus within the blender binary too.)
2. At the BF, a hash is made of the script. The hash result is then
encrypted with private key. This encryption result is appended to the
text script, with appropriate header information.
3. When Blender tries to run the script, it reads the encryption
result from the header; decrypts with the public, distributed key;
makes a hash from the plain text script (without the encrypted header
of course), then compares hashes. If the hashes match, Blender allows
"trusted script" access.
Pros: Scripts do not have to be bundled with Blender necessarily.
Anyone who can get a committer or the BF to approve their script and
give them a hashed/encrypted header can distribute as they choose.
Also, the scripts remain in plain text format, making them easily
examinable and accessible by the users or future coders. This
procedure is analogous to the common practice of digitally signing
the hash of a message. In fact, this is exactly what it is. If you
want to do "trusted scripts", there's no reason not to do it right.
Cons: Any time you make a bug fix to the script, you have to have the
header recreated with the private key.
Security pitfalls: The private key must be kept private.
Roland Hess - harkyman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.blender.org/pipermail/bf-python/attachments/20061011/031fb687/attachment.html>
More information about the Bf-python
mailing list