atom feed94 messages in org.blender.bf-committersRe: [Bf-committers] "Security" gets i...
FromSent OnAttachments
Daniel Salazar - 3Developer.comApr 27, 2010 5:59 pm 
Matt EbbApr 27, 2010 6:17 pm 
Benjamin TolputtApr 27, 2010 7:09 pm 
Benjamin TolputtApr 27, 2010 7:25 pm 
Matt EbbApr 27, 2010 7:32 pm 
Benjamin TolputtApr 27, 2010 7:57 pm 
Campbell BartonApr 28, 2010 1:03 am 
Daniel Salazar - 3Developer.comApr 28, 2010 1:14 am 
Remo PiniApr 28, 2010 1:34 am 
Benjamin TolputtApr 28, 2010 2:36 am 
horace grantApr 28, 2010 4:28 am 
Benjamin TolputtApr 28, 2010 7:05 am 
horace grantApr 28, 2010 7:56 am 
Remo PiniApr 28, 2010 8:32 am 
Nery ChucuyApr 28, 2010 8:41 am 
Raul Fernandez HernandezApr 28, 2010 8:58 am 
male...@licuadorastudio.comApr 28, 2010 9:30 am 
Bassam KurdaliApr 28, 2010 9:55 am 
Raul Fernandez HernandezApr 28, 2010 10:58 am 
Makslane RodriguesApr 28, 2010 1:52 pm 
horace grantApr 28, 2010 2:28 pm 
Matt EbbApr 28, 2010 2:34 pm 
Charles WardlawApr 28, 2010 2:58 pm 
Makslane RodriguesApr 28, 2010 3:15 pm 
Tom MApr 28, 2010 3:16 pm 
Ruslan MerkulovApr 28, 2010 4:33 pm 
Charles WardlawApr 28, 2010 5:09 pm 
joeApr 28, 2010 5:21 pm 
Benjamin TolputtApr 28, 2010 5:31 pm 
Ruslan MerkulovApr 28, 2010 5:40 pm 
Benjamin TolputtApr 28, 2010 6:44 pm 
Martin PoirierApr 28, 2010 8:01 pm 
amrp...@gmail.comApr 28, 2010 8:27 pm 
Charles WardlawApr 28, 2010 8:44 pm 
Benjamin TolputtApr 28, 2010 8:56 pm 
Martin PoirierApr 28, 2010 9:02 pm 
§ĥřïñïďĥï ŖäöApr 28, 2010 9:03 pm 
Harley AchesonApr 28, 2010 9:31 pm 
Benjamin TolputtApr 28, 2010 11:22 pm 
Ruslan MerkulovApr 29, 2010 12:10 am 
Tony MullenApr 29, 2010 3:08 am 
Kevin RoyApr 29, 2010 3:30 am 
Charles WardlawApr 29, 2010 3:39 am 
horace grantApr 29, 2010 5:03 am 
Thomas DingesApr 29, 2010 5:13 am 
Martin PoirierApr 29, 2010 5:57 am 
Benjamin TolputtApr 29, 2010 5:58 am 
(Ry)akiotakis (An)tonisApr 29, 2010 6:13 am 
Charles WardlawApr 29, 2010 6:16 am 
Raul Fernandez HernandezApr 29, 2010 6:35 am 
Charles WardlawApr 29, 2010 6:41 am 
Benjamin TolputtApr 29, 2010 6:46 am 
Benjamin TolputtApr 29, 2010 7:11 am 
Raul Fernandez HernandezApr 29, 2010 8:10 am 
KnappApr 29, 2010 8:54 am 
Michael JuddApr 29, 2010 10:55 am 
Martin PoirierApr 29, 2010 10:59 am 
Michael JuddApr 29, 2010 11:13 am 
Michael FoxApr 29, 2010 3:26 pm 
Benjamin TolputtApr 29, 2010 4:41 pm 
Benjamin TolputtApr 29, 2010 4:46 pm 
Benjamin TolputtApr 29, 2010 5:03 pm 
Martin PoirierApr 29, 2010 5:08 pm 
Benjamin TolputtApr 29, 2010 5:09 pm 
horace grantApr 29, 2010 5:26 pm 
Ken HughesApr 29, 2010 5:47 pm 
Ken HughesApr 29, 2010 5:52 pm 
Ken HughesApr 29, 2010 5:54 pm 
Benjamin TolputtApr 29, 2010 5:55 pm 
Benjamin TolputtApr 29, 2010 5:57 pm 
Benjamin TolputtApr 29, 2010 6:13 pm 
Roger WickesApr 29, 2010 6:13 pm 
Benjamin TolputtApr 29, 2010 6:25 pm 
Michael JuddApr 29, 2010 6:39 pm 
Benjamin TolputtApr 29, 2010 6:58 pm 
Martin PoirierApr 29, 2010 7:22 pm 
Benjamin TolputtApr 29, 2010 9:24 pm 
Campbell BartonApr 29, 2010 9:46 pm 
Michael JuddApr 29, 2010 9:48 pm 
Benjamin TolputtApr 29, 2010 11:28 pm 
Luke FriskenApr 30, 2010 2:01 am 
Roger WickesApr 30, 2010 4:52 am 
Ton RoosendaalApr 30, 2010 5:06 am 
Jason WilkinsApr 30, 2010 10:54 am 
jonathan d p fergusonApr 30, 2010 11:56 am 
Benjamin TolputtApr 30, 2010 5:39 pm 
Ruslan MerkulovApr 30, 2010 7:04 pm 
Jason WilkinsApr 30, 2010 7:52 pm 
Tom MApr 30, 2010 8:06 pm 
Benjamin TolputtApr 30, 2010 11:20 pm 
Benjamin TolputtApr 30, 2010 11:23 pm 
Jason W.Apr 30, 2010 11:43 pm 
jspliferMay 1, 2010 1:45 am 
horace grantMay 1, 2010 8:38 am 
Subject:Re: [Bf-committers] "Security" gets in the way
From:Benjamin Tolputt (btol@internode.on.net)
Date:Apr 27, 2010 7:57:30 pm
List:org.blender.bf-committers

Matt Ebb wrote:

Sure, one can say "oh it's your fault for not enabling the options" but that brings me back to the original point - regardless of whether you want to blame the user or not, the existence of this 'security' does cause real practical problems. Especially in cases like I described above where you're tired and stressed meeting a deadline and the last thing on your mind is going to disable some stupid security preference and saving default preferences.

Well, first thing to note is that I think that the current implementation is not really a solution and needs to be turfed. There is no way of knowing if someone has tampered with a file on a website, so a malicious user need only hack the web-site of someone putting up, say, a useful base rig that was verified in the past as "secure". It is trivial to then link Python code into every file then saved by Blender. Given the fact Python is the problem - I don't see a solution with it as the scripting foundation of Blender as things stand currently.

That said, I find the idea that one doesn't want to flick one extra switch on initial setup a relatively weak reason not to include security. There is always going to be a trade-off with security - it is /built-in/ to the whole model of limiting what can be done so as not to compromise/hurt yourself. And not allowing it to be set as the default basically makes it useless (because those most vulnerable will not even know to look for it to turn on).

I know & understand your position on this (I've lost count of how many time a missing password or command line flag has meant an overnight data processing run has come out bad); but that doesn't mean I agree with your position that some small hassle ONCE on install outweighs security concerns.

Our disagreement is all superfluous though because I think the current security option is worse than none. It both provides an illusion of security AND causes all the hassles (& more?) a real solution would entail.

_______________________________________________ Bf-committers mailing list Bf-c@blender.org http://lists.blender.org/mailman/listinfo/bf-committers