How about a script that automatically checks each script in the .blend when it opens, before auto-running scripts... but it ONLY pops up an alert if it detects suspicious code, any specific functions that wouldn't normally be needed in a .blend file or stand a good chance of messing things up. Hopefully it won't slow things down, and it can be easy to turn off. The key is fewer alerts so it's not as ignored, while also being automatic. If it detects something that warrants investigation, it can tell the user something like, "This script has the ability to control other programs(or send email, or delete files). Here is the code that does this. If this is not a function you expect, click here to deactivate it.". Something not too alarming in case it's nothing. More positive matches would outright be blocked.
This will of course miss some things, especially early on(if there's anything to miss), but it'll catch more than what's caught now, especially anything obvious-but-buried-under-600-lines-of-code. I have a particular interest in security because I'm working on a variation of Blender that's specifically for presentations(using the game engine), and if Blender is being used like Powerpoint, it's likely to get malware like Powerpoint. I'm glad that this conversation is happening, and there might be some ideas that wouldn't work well for Blender but will be perfect for a more single-purpose program that doesn't need as much flexibility. More info on the presentation software is at http://blendshow.com (just to prevent questions that would bring this thread off-topic) -- View this message in context: http://blender.45788.x6.nabble.com/Please-turn-off-Auto-Run-Python-Scripts-by-default-tp108971p109403.html Sent from the Bf-committers mailing list archive at Nabble.com. _______________________________________________ Bf-committers mailing list [email protected] http://lists.blender.org/mailman/listinfo/bf-committers
