Hello, Sorry, but I couldn’t resist weighing into this debate because I feel I have a fairly unique perspective on this security issue. I am a Blender noob, a long-time developer (25 years but very little with C), but I spend my days as a network administrator for a large-ish network (650 users, 700 computers). So you would naturally think that I would be in the “theoretical IT types” in favor of high security in Blender.
But I am not. In fact the only feature I would need is the temporary ability to load an autoexecuting blend without it doing so. Otherwise, I wish for no other prompts, preferences, or nannying. Yes, it is easy to make a python script that steals passwords or deletes your files, just as it is easy to do so in any programming language. The danger potentially lurking in an evil blend file is the same as in any program you could download from the internet. There isn’t any comparison to Word and Excel macro viruses or other types of threat. Blend files just don’t have the same audience, or the ability to quickly propagate. You either need fast self-replication or very fast and wide direct distributions in order keep it from self-limiting and to isolate the writer of the threat from getting caught. Seriously… try to imagine a scenario where you could cause mischief in some way with an autoexecuting Blend that would be long-lasting and leaves you anonymous, and therefore out of jail. Blend file just aren’t traded and shared the way the Word files are. We’ve had the ability to run scripts on load for years and this threat has yet to surface. At my very secure network my uses cannot do anything (with python or anything else) that could wreck the computer they are using because they don’t run with the privileges necessary to do such damage. They are also unable to damage any files but their own, and if they manage that they can just restore them themselves from a snapshot from a few hours earlier. Or they can have me restore their files from a backup. So for me this isn’t a “security hole”, but just what any program can potentially do. You have the weigh the risks and deal with all the possibilities. My users are much more likely to accidentally delete files themselves than have something else do it for them. Just my two cents. Harley Acheson Virtual Dogsbody Info Tech Department Shawnigan Lake School _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
