On Wed, Jun 5, 2013 at 3:58 AM, David Jeske <[email protected]> wrote: > On Tue, Jun 4, 2013 at 8:05 AM, Brecht Van Lommel < > [email protected]> wrote: > >> Here's another discussion where the popup idea comes up: >> http://lists.blender.org/pipermail/bf-committers/2010-March/026573.html >> >> It's a tradeoff, do we really want to degrade usability for this? > > > I don't think this is a question of degrading expert blender usability. > It's a question of protecting a broader less expert userbase from malicious > blend files. > > I think your previous post is an excellent case for not SILENTLY disabling > scripts by default. [1] However, this is not the only option. For nearly a > decade MS-Word has been using a challenge dialog before running scripts. Is > there ideological opposition to default to showing a dialog before > processing python scripts in a blend file?
Blender doesn't have these kinds of dialogs available (ones that block everything and wait for input), also checking if a script will run isn't totally trivial - any driver can run a script for example. So yes - both are solvable, but its not easily supported without some extra work - probably this is why someone hasn't written a patch already. > The decision at the time was that no, we do not. Also note that even >> disabling scripts does not make Blender secure, there's dozens of >> other ways to create malicious .blend files. >> > > What are the other "dozen" ways blender could > read/destroy/send-files-to-the-internet/install-viruses with python scripts > disabled? I would assume these other ways would have to make use of hand crafted blend files that cause buffer overruns to run malicious executable code. > [1] http://lists.blender.org/pipermail/bf-committers/2010-April/027216.html > _______________________________________________ > Bf-committers mailing list > [email protected] > http://lists.blender.org/mailman/listinfo/bf-committers -- - Campbell _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
