On 02/19/2012 01:14 AM, Andrea Peri wrote: >> - Python: Python, like any good programming language, provides no >> protection against malware or malicious code. It's job is not to care, and >> nor should it try and stop me. People can write malicious code in >> any language. > > > +1 > > The main question is that are the plugins the door for some malicious code, > > A bit difference should be with the java softwares that could run the java > code in a sandbox. > I don't know the python engine but I guess it cannot close the python code > in a sand-box. > > Is this true ? > > >
Current reading on sandboxes is that they only protect against accidental damage from bad memory handling, etc not from malicious intent and exploitation. Not running QGIS as administrator should keep you somewhat safe and running a decent anti-virus/anti-malware should ideally catch suspicious behavior of applications. I think the most we can do is make it easy and clear how to report strange behavior from plugins. I don't really see how QGIS plugins are any different than Arc Scripts which GIS users download and use all the time. But this does emphasize why we need to move more plugins to the offical repos and have people rely less on 3rd party repos we can't police at all. Thanks, Alex _______________________________________________ Qgis-user mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/qgis-user
