On Wed, Oct 30, 2019 at 3:47 PM Even Rouault <even.roua...@spatialys.com> wrote:
> > What's this about? A social experiment? > > Yes, I'm "Ben Hutcher". Too bad you destroyed it so quickly :-) > Oh, I'm sorry :) You should have told me ... you know, I'm in bug-fixing-mode and I couldn't resist ;) > I just discovered this functionnality of QGIS and this scared me. I > believe I > would have accepted the warning because I ignored that QGIS projects could > contain Python code, and I presume a lot of users would. IMHO clicking on > the > Enable macros link should raise a dialog box with a more explicit message > about the potential risks to double confirm. > "Python macros cannot currently be run." sounds to me as "you should > enable > macros so things work as expected". It is not even clear that the macros > come > from the project itself. They could be some trusted code in QGIS itself. > Once > you know that functionnality is, then yes the current behaviour is > probably > fine. But if you don't know it, there's a high chance you could run > untrusted > code without realizing it. > > Even > > Agreed (same for Python code embedded in forms btw). We should warn users about the security threats associates to run untrusted code (now forms have also the option to download code from the network and run it!). Plugins as well are of course a potential threat. -- Alessandro Pasotti w3: www.itopen.it
_______________________________________________ Qgis-user mailing list Qgis-user@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-user Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-user