On Wed, Jun 5, 2013 at 3:15 PM, David Jeske <dav...@gmail.com> wrote:
> This issue would be less problematic if new versions of blender would read
> preferences set from older versions. Currently, in my experience, all
> preferences have to be re-set after each new version download, which means
> if you turn off "auto load scripts" it only stays off until the next
> download.

When you load a new version of blender the splash screen should show
the option "Copy Previous Settings", though it's limited to updating
from the previous release.

Though it's not foolproof, since you could install blender then
immediately load an untrusted blend file before you have a chance to
restore preferences.

>
> On Tue, Jun 4, 2013 at 2:15 PM, Brecht Van Lommel <
> brechtvanlom...@pandora.be> wrote:
>
>> Regarding implementation of a popup: if it is desired, you could load
>> the file with scripts disabled, and then in the info header have a
>> warning and button to reload the file with scripts enabled. That's
>> nicely non-modal too.
>>
>
> This seems like quite an elegant blender-esque option.
>
> It does appear this is a vulnerability in other popular 3d modeling
> tools... I believe the attack surface area of blender may be worse than
> Maya or 3ds, as blender is a free download. However, it's probably
> comparable to DAZ studio, which is also free and also has this
> vulnerability.
>
> http://www.coresecurity.com/content/blender-scripting-injection
> http://www.coresecurity.com/content/maya-arbitrary-command-execution
> http://www.coresecurity.com/content/3dsmax-arbitrary-command-execution
> http://www.coresecurity.com/content/dazstudio-scripting-injection
>
> It might be worth adding this comparison information to the FAQ.
> _______________________________________________
> Bf-committers mailing list
> Bf-committers@blender.org
> http://lists.blender.org/mailman/listinfo/bf-committers



-- 
- Campbell