[Qgis-user] Re: QGIS and Computer Security (Windows)
Alex Mandel
tech_dev at wildintellect.com
Sun Feb 19 11:37:26 PST 2012
On 02/19/2012 01:14 AM, Andrea Peri wrote:
>> - Python: Python, like any good programming language, provides no
>> protection against malware or malicious code. It's job is not to care, and
>> nor should it try and stop me. People can write malicious code in
>> any language.
>
>
> +1
>
> The main question is that are the plugins the door for some malicious code,
>
> A bit difference should be with the java softwares that could run the java
> code in a sandbox.
> I don't know the python engine but I guess it cannot close the python code
> in a sand-box.
>
> Is this true ?
>
>
>
Current reading on sandboxes is that they only protect against
accidental damage from bad memory handling, etc not from malicious
intent and exploitation. Not running QGIS as administrator should keep
you somewhat safe and running a decent anti-virus/anti-malware should
ideally catch suspicious behavior of applications.
I think the most we can do is make it easy and clear how to report
strange behavior from plugins.
I don't really see how QGIS plugins are any different than Arc Scripts
which GIS users download and use all the time. But this does emphasize
why we need to move more plugins to the offical repos and have people
rely less on 3rd party repos we can't police at all.
Thanks,
Alex
More information about the Qgis-user
mailing list