phatch-dev team mailing list archive

[Robin Mills <robin@xxxxxxxxxxxxx>]

Erich

It doesn't expose us to more risk.  The risk is the same.

What I was thinking was "I wonder if Python has a security model to  
restrict what any given script can do?"  Much as Java (or JavaScript)  
in the browser is restricted.  However Java (or JavaScript) from the  
command-line is more-or-less free to do as it pleases and that's about  
the same as Python.

However it might be nice if Python was able to refuse to run scripts  
which don't have a valid digital certificate - and that would make  
"alien" scripts less dangerous.

So it all adds up to "The issue is with Python, not Phatch".

Robin
http://clanmills.com




On Jun 17, 2009, at 6:53 AM, Erich Heine wrote:

> Stani -- good action! I like it.
>
> Robin -- How does python expose more risk than say, java or (insert  
> favorite language here) in the case where "any external script is  
> runnable"? ]
>
> Regards,
> Erich
>
> On Tue, Jun 16, 2009 at 11:28 PM, <robin@xxxxxxxxxxxxx> wrote:
> Orgasmic.  It just gets better all the time.  We could hook into  
> Panoramic
> or Mosaic builders.  Goodness, we could even hook  .... PhotoShop.
>
> The downside is of course that it's a portal virus makers. If we had  
> a web
> site on which people could publish actions for anyone to download,  
> this
> would be an invitation for hackers.  Mind you, it's really Python that
> exposes the security risk - not Phatch.
>
> Robin
>
> > Hi,
> >
> > I've just added the 'geek' action which allows you to hook any
> > external command in Phatch. This opens the doors of heaven. I can't
> > foresee the whole potential. It is basically the equivalent of a
> > terminal for a desktop environment. It comes with two examples. It  
> is
> > really powerful, the geek action can be used to prototype any  
> external
> > application (blender, imagemagick, ...) as a plugin for Phatch. As a
> > demonstration, I've wrapped some useful Imagemagick scripts in an
> > Imagemagick action. You can find these actions under the plugins
> > category.
> >
> > It is even possible to branch to an external process. If there is no
> > file_out.* (eg file_out.tif) in the command line, phatch will leave
> > the image unaltered. Otherwise it continues with the file_out.*  
> image
> > So you can also use it for example to do an ftp upload. (But of  
> course
> > built in support for ftp would be better.) The best format for  
> file_in
> > is tif and for file_out is png.
> >
> > Juho, you can use the Imagemagick action as a base for
> > exiftran/jpegtran and blender action. You can just do
> > photo.call(command). I'd love to have a software box action with
> > Blender. That should be very easy to do and metadata can be used for
> > adding text:
> > http://images.google.nl/images?hl=nl&q=software+box&um=1&ie=UTF-8&ei=PmY4SrvNIpWsjAeOo9ipDQ&sa=X&oi=image_result_group&resnum=1&ct=title
> > That would be a good use of blender and we can use the software box
> > for our website ;-)
> >
> > Have fun with it,
> >
> > Stani
> >
> > --
> > Phatch Photo Batch Processor - http://photobatch.stani.be
> > SPE Python IDE - http://pythonide.stani.be
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~phatch-dev
> > Post to     : phatch-dev@xxxxxxxxxxxxxxxxxxx
> > Unsubscribe : https://launchpad.net/~phatch-dev
> > More help   : https://help.launchpad.net/ListHelp
> >
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~phatch-dev
> Post to     : phatch-dev@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~phatch-dev
> More help   : https://help.launchpad.net/ListHelp