94 messages in org.blender.bf-committersRe: [Bf-committers] "Security" gets i...| From | Sent On | Attachments |
|---|---|---|
| Daniel Salazar - 3Developer.com | Apr 27, 2010 5:59 pm | |
| Matt Ebb | Apr 27, 2010 6:17 pm | |
| Benjamin Tolputt | Apr 27, 2010 7:09 pm | |
| Benjamin Tolputt | Apr 27, 2010 7:25 pm | |
| Matt Ebb | Apr 27, 2010 7:32 pm | |
| Benjamin Tolputt | Apr 27, 2010 7:57 pm | |
| Campbell Barton | Apr 28, 2010 1:03 am | |
| Daniel Salazar - 3Developer.com | Apr 28, 2010 1:14 am | |
| Remo Pini | Apr 28, 2010 1:34 am | |
| Benjamin Tolputt | Apr 28, 2010 2:36 am | |
| horace grant | Apr 28, 2010 4:28 am | |
| Benjamin Tolputt | Apr 28, 2010 7:05 am | |
| horace grant | Apr 28, 2010 7:56 am | |
| Remo Pini | Apr 28, 2010 8:32 am | |
| Nery Chucuy | Apr 28, 2010 8:41 am | |
| Raul Fernandez Hernandez | Apr 28, 2010 8:58 am | |
| male...@licuadorastudio.com | Apr 28, 2010 9:30 am | |
| Bassam Kurdali | Apr 28, 2010 9:55 am | |
| Raul Fernandez Hernandez | Apr 28, 2010 10:58 am | |
| Makslane Rodrigues | Apr 28, 2010 1:52 pm | |
| horace grant | Apr 28, 2010 2:28 pm | |
| Matt Ebb | Apr 28, 2010 2:34 pm | |
| Charles Wardlaw | Apr 28, 2010 2:58 pm | |
| Makslane Rodrigues | Apr 28, 2010 3:15 pm | |
| Tom M | Apr 28, 2010 3:16 pm | |
| Ruslan Merkulov | Apr 28, 2010 4:33 pm | |
| Charles Wardlaw | Apr 28, 2010 5:09 pm | |
| joe | Apr 28, 2010 5:21 pm | |
| Benjamin Tolputt | Apr 28, 2010 5:31 pm | |
| Ruslan Merkulov | Apr 28, 2010 5:40 pm | |
| Benjamin Tolputt | Apr 28, 2010 6:44 pm | |
| Martin Poirier | Apr 28, 2010 8:01 pm | |
| amrp...@gmail.com | Apr 28, 2010 8:27 pm | |
| Charles Wardlaw | Apr 28, 2010 8:44 pm | |
| Benjamin Tolputt | Apr 28, 2010 8:56 pm | |
| Martin Poirier | Apr 28, 2010 9:02 pm | |
| §ĥřïñïďĥï Ŗäö | Apr 28, 2010 9:03 pm | |
| Harley Acheson | Apr 28, 2010 9:31 pm | |
| Benjamin Tolputt | Apr 28, 2010 11:22 pm | |
| Ruslan Merkulov | Apr 29, 2010 12:10 am | |
| Tony Mullen | Apr 29, 2010 3:08 am | |
| Kevin Roy | Apr 29, 2010 3:30 am | |
| Charles Wardlaw | Apr 29, 2010 3:39 am | |
| horace grant | Apr 29, 2010 5:03 am | |
| Thomas Dinges | Apr 29, 2010 5:13 am | |
| Martin Poirier | Apr 29, 2010 5:57 am | |
| Benjamin Tolputt | Apr 29, 2010 5:58 am | |
| (Ry)akiotakis (An)tonis | Apr 29, 2010 6:13 am | |
| Charles Wardlaw | Apr 29, 2010 6:16 am | |
| Raul Fernandez Hernandez | Apr 29, 2010 6:35 am | |
| Charles Wardlaw | Apr 29, 2010 6:41 am | |
| Benjamin Tolputt | Apr 29, 2010 6:46 am | |
| Benjamin Tolputt | Apr 29, 2010 7:11 am | |
| Raul Fernandez Hernandez | Apr 29, 2010 8:10 am | |
| Knapp | Apr 29, 2010 8:54 am | |
| Michael Judd | Apr 29, 2010 10:55 am | |
| Martin Poirier | Apr 29, 2010 10:59 am | |
| Michael Judd | Apr 29, 2010 11:13 am | |
| Michael Fox | Apr 29, 2010 3:26 pm | |
| Benjamin Tolputt | Apr 29, 2010 4:41 pm | |
| Benjamin Tolputt | Apr 29, 2010 4:46 pm | |
| Benjamin Tolputt | Apr 29, 2010 5:03 pm | |
| Martin Poirier | Apr 29, 2010 5:08 pm | |
| Benjamin Tolputt | Apr 29, 2010 5:09 pm | |
| horace grant | Apr 29, 2010 5:26 pm | |
| Ken Hughes | Apr 29, 2010 5:47 pm | |
| Ken Hughes | Apr 29, 2010 5:52 pm | |
| Ken Hughes | Apr 29, 2010 5:54 pm | |
| Benjamin Tolputt | Apr 29, 2010 5:55 pm | |
| Benjamin Tolputt | Apr 29, 2010 5:57 pm | |
| Benjamin Tolputt | Apr 29, 2010 6:13 pm | |
| Roger Wickes | Apr 29, 2010 6:13 pm | |
| Benjamin Tolputt | Apr 29, 2010 6:25 pm | |
| Michael Judd | Apr 29, 2010 6:39 pm | |
| Benjamin Tolputt | Apr 29, 2010 6:58 pm | |
| Martin Poirier | Apr 29, 2010 7:22 pm | |
| Benjamin Tolputt | Apr 29, 2010 9:24 pm | |
| Campbell Barton | Apr 29, 2010 9:46 pm | |
| Michael Judd | Apr 29, 2010 9:48 pm | |
| Benjamin Tolputt | Apr 29, 2010 11:28 pm | |
| Luke Frisken | Apr 30, 2010 2:01 am | |
| Roger Wickes | Apr 30, 2010 4:52 am | |
| Ton Roosendaal | Apr 30, 2010 5:06 am | |
| Jason Wilkins | Apr 30, 2010 10:54 am | |
| jonathan d p ferguson | Apr 30, 2010 11:56 am | |
| Benjamin Tolputt | Apr 30, 2010 5:39 pm | |
| Ruslan Merkulov | Apr 30, 2010 7:04 pm | |
| Jason Wilkins | Apr 30, 2010 7:52 pm | |
| Tom M | Apr 30, 2010 8:06 pm | |
| Benjamin Tolputt | Apr 30, 2010 11:20 pm | |
| Benjamin Tolputt | Apr 30, 2010 11:23 pm | |
| Jason W. | Apr 30, 2010 11:43 pm | |
| jsplifer | May 1, 2010 1:45 am | |
| horace grant | May 1, 2010 8:38 am |
| Subject: | Re: [Bf-committers] "Security" gets in the way | |
|---|---|---|
| From: | Benjamin Tolputt (btol...@internode.on.net) | |
| Date: | Apr 30, 2010 11:20:06 pm | |
| List: | org.blender.bf-committers | |
Ruslan Merkulov wrote:
I believe that security is 10% technical and 90% social problem, so "web of trust" + educating users on security issues seems to be most logical solution and requires the least amount of changes in Blender's and third party plugins' code. It seems to work for Mozilla Firefox, for example, which is another OSS project that has a rich plugin infrastructure. And it's killing two birds with one stone: both security and usability.
You are ignoring the difference between DOCUMENT and PLUGIN. Yes, Mozilla relies on the user to trust the owner of the plugins they install. But any documents opened in the browser are secured from wiping your hard-drive.
This is the concept alot of people get confused about. No-one I know is saying that the plugins & external scripts need to be secure. They NEED access to sensitive resources (network, file system, etc) to do their job. It is the fact that scripts within the blend file for the scene, or "document", have access to the same level of functionality.
Any document that can be opened in FireFox and read/write files on your hard-drive is rightly classified as exposing a bug in the software.
_______________________________________________ Bf-committers mailing list Bf-c...@blender.org http://lists.blender.org/mailman/listinfo/bf-committers