Tyler Tricker wrote: > What about Jython or Ironpython as a base platform? both have the ability to > lock down the VM. >
Given both the cross-platform nature of Blender (ruling out IronPython) and the fact that Blender uses the C-API of Python quite heavily (ruling out Jython, even were a JVM requirement acceptable) - anything but a version of CPython (patched or otherwise) is simply outside the scope of this or feasible future developments. Simply put - the choice of Python means, until some theoretical "safe" version of CPython in the future, that Blender's security will be limited to warnings & user intervention mechanisms. Proper sandboxing is bot possible with CPython and, until it is, that only leaves "Microsoft Office" style security (i.e. let the user know that there are macros/scripts in the file and only allow them to run should the user agree to it on load). > "Like if there are any scripts, warn the user and ask if the scripts should > be allowed for the session or permanently." > > I think this would get really annoying to have to confirm every script. > I don't think it need be done for "every script", only a vague "There are scripts in this blend. Do you trust the blend to run scripts on your machine" message. It was the security option Microsoft used for their office suite (which is deployed far wider than Blender, in places meant to have more security than the average graphic studio, and is on record for actually widely spreading macro virii). It is not "real security" by any measure, but it is something we need to settle for given the development constraints. -- Regards, Benjamin Tolputt Analyst Programmer _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
