94 messages in org.blender.bf-committersRe: [Bf-committers] "Security" gets i...| From | Sent On | Attachments |
|---|---|---|
| Daniel Salazar - 3Developer.com | Apr 27, 2010 5:59 pm | |
| Matt Ebb | Apr 27, 2010 6:17 pm | |
| Benjamin Tolputt | Apr 27, 2010 7:09 pm | |
| Benjamin Tolputt | Apr 27, 2010 7:25 pm | |
| Matt Ebb | Apr 27, 2010 7:32 pm | |
| Benjamin Tolputt | Apr 27, 2010 7:57 pm | |
| Campbell Barton | Apr 28, 2010 1:03 am | |
| Daniel Salazar - 3Developer.com | Apr 28, 2010 1:14 am | |
| Remo Pini | Apr 28, 2010 1:34 am | |
| Benjamin Tolputt | Apr 28, 2010 2:36 am | |
| horace grant | Apr 28, 2010 4:28 am | |
| Benjamin Tolputt | Apr 28, 2010 7:05 am | |
| horace grant | Apr 28, 2010 7:56 am | |
| Remo Pini | Apr 28, 2010 8:32 am | |
| Nery Chucuy | Apr 28, 2010 8:41 am | |
| Raul Fernandez Hernandez | Apr 28, 2010 8:58 am | |
| male...@licuadorastudio.com | Apr 28, 2010 9:30 am | |
| Bassam Kurdali | Apr 28, 2010 9:55 am | |
| Raul Fernandez Hernandez | Apr 28, 2010 10:58 am | |
| Makslane Rodrigues | Apr 28, 2010 1:52 pm | |
| horace grant | Apr 28, 2010 2:28 pm | |
| Matt Ebb | Apr 28, 2010 2:34 pm | |
| Charles Wardlaw | Apr 28, 2010 2:58 pm | |
| Makslane Rodrigues | Apr 28, 2010 3:15 pm | |
| Tom M | Apr 28, 2010 3:16 pm | |
| Ruslan Merkulov | Apr 28, 2010 4:33 pm | |
| Charles Wardlaw | Apr 28, 2010 5:09 pm | |
| joe | Apr 28, 2010 5:21 pm | |
| Benjamin Tolputt | Apr 28, 2010 5:31 pm | |
| Ruslan Merkulov | Apr 28, 2010 5:40 pm | |
| Benjamin Tolputt | Apr 28, 2010 6:44 pm | |
| Martin Poirier | Apr 28, 2010 8:01 pm | |
| amrp...@gmail.com | Apr 28, 2010 8:27 pm | |
| Charles Wardlaw | Apr 28, 2010 8:44 pm | |
| Benjamin Tolputt | Apr 28, 2010 8:56 pm | |
| Martin Poirier | Apr 28, 2010 9:02 pm | |
| §ĥřïñïďĥï Ŗäö | Apr 28, 2010 9:03 pm | |
| Harley Acheson | Apr 28, 2010 9:31 pm | |
| Benjamin Tolputt | Apr 28, 2010 11:22 pm | |
| Ruslan Merkulov | Apr 29, 2010 12:10 am | |
| Tony Mullen | Apr 29, 2010 3:08 am | |
| Kevin Roy | Apr 29, 2010 3:30 am | |
| Charles Wardlaw | Apr 29, 2010 3:39 am | |
| horace grant | Apr 29, 2010 5:03 am | |
| Thomas Dinges | Apr 29, 2010 5:13 am | |
| Martin Poirier | Apr 29, 2010 5:57 am | |
| Benjamin Tolputt | Apr 29, 2010 5:58 am | |
| (Ry)akiotakis (An)tonis | Apr 29, 2010 6:13 am | |
| Charles Wardlaw | Apr 29, 2010 6:16 am | |
| Raul Fernandez Hernandez | Apr 29, 2010 6:35 am | |
| Charles Wardlaw | Apr 29, 2010 6:41 am | |
| Benjamin Tolputt | Apr 29, 2010 6:46 am | |
| Benjamin Tolputt | Apr 29, 2010 7:11 am | |
| Raul Fernandez Hernandez | Apr 29, 2010 8:10 am | |
| Knapp | Apr 29, 2010 8:54 am | |
| Michael Judd | Apr 29, 2010 10:55 am | |
| Martin Poirier | Apr 29, 2010 10:59 am | |
| Michael Judd | Apr 29, 2010 11:13 am | |
| Michael Fox | Apr 29, 2010 3:26 pm | |
| Benjamin Tolputt | Apr 29, 2010 4:41 pm | |
| Benjamin Tolputt | Apr 29, 2010 4:46 pm | |
| Benjamin Tolputt | Apr 29, 2010 5:03 pm | |
| Martin Poirier | Apr 29, 2010 5:08 pm | |
| Benjamin Tolputt | Apr 29, 2010 5:09 pm | |
| horace grant | Apr 29, 2010 5:26 pm | |
| Ken Hughes | Apr 29, 2010 5:47 pm | |
| Ken Hughes | Apr 29, 2010 5:52 pm | |
| Ken Hughes | Apr 29, 2010 5:54 pm | |
| Benjamin Tolputt | Apr 29, 2010 5:55 pm | |
| Benjamin Tolputt | Apr 29, 2010 5:57 pm | |
| Benjamin Tolputt | Apr 29, 2010 6:13 pm | |
| Roger Wickes | Apr 29, 2010 6:13 pm | |
| Benjamin Tolputt | Apr 29, 2010 6:25 pm | |
| Michael Judd | Apr 29, 2010 6:39 pm | |
| Benjamin Tolputt | Apr 29, 2010 6:58 pm | |
| Martin Poirier | Apr 29, 2010 7:22 pm | |
| Benjamin Tolputt | Apr 29, 2010 9:24 pm | |
| Campbell Barton | Apr 29, 2010 9:46 pm | |
| Michael Judd | Apr 29, 2010 9:48 pm | |
| Benjamin Tolputt | Apr 29, 2010 11:28 pm | |
| Luke Frisken | Apr 30, 2010 2:01 am | |
| Roger Wickes | Apr 30, 2010 4:52 am | |
| Ton Roosendaal | Apr 30, 2010 5:06 am | |
| Jason Wilkins | Apr 30, 2010 10:54 am | |
| jonathan d p ferguson | Apr 30, 2010 11:56 am | |
| Benjamin Tolputt | Apr 30, 2010 5:39 pm | |
| Ruslan Merkulov | Apr 30, 2010 7:04 pm | |
| Jason Wilkins | Apr 30, 2010 7:52 pm | |
| Tom M | Apr 30, 2010 8:06 pm | |
| Benjamin Tolputt | Apr 30, 2010 11:20 pm | |
| Benjamin Tolputt | Apr 30, 2010 11:23 pm | |
| Jason W. | Apr 30, 2010 11:43 pm | |
| jsplifer | May 1, 2010 1:45 am | |
| horace grant | May 1, 2010 8:38 am |
| Subject: | Re: [Bf-committers] "Security" gets in the way | |
|---|---|---|
| From: | Charles Wardlaw (cwar...@marchentertainment.com) | |
| Date: | Apr 28, 2010 8:44:07 pm | |
| List: | org.blender.bf-committers | |
According to the Maya documentation, there is a check-box that allows you to disable the execution of "script nodes" when opening the file. This would indeed be a "security measure" available and there has been no uproar on it that I've heard of.
It's actually not a security measure, although I can see why it could be viewed as such.
That feature is in there because sometimes Maya can save out files it cannot read back in, and often the only way to get at your data in order to salvage some of it is to disable scripts and expressions. I'm using that feature at work to debug some inherited assets because when I load them up straight Maya likes to hang.
But there's a difference between that and what Blender's currently doing: that "security" feature is opt-in. Blender's is not, but in my opinion should be.
And as an aside, that feature in Maya can be gotten around with deferred execution and a hack in a Maya ASCII file. Again: not security, but a debugging tool.
I'm surprised that nobody has mentioned the simple solution of disallowing automatic scripts and scripted constraints from accessing the os and sys modules (perhaps limiting imports to only bpy). It'd be easy enough to implement as a security measure by just scanning the code or executing the code in a space where those modules were never importable, but wouldn't break rigs.
~ C
_______________________________________________ Bf-committers mailing list Bf-c...@blender.org http://lists.blender.org/mailman/listinfo/bf-committers