[Qgis-user] Crash when opening project with QGIS 3.10
Alessandro Pasotti
apasotti at gmail.com
Wed Oct 30 07:56:35 PDT 2019
On Wed, Oct 30, 2019 at 3:47 PM Even Rouault <even.rouault at spatialys.com>
wrote:
> > What's this about? A social experiment?
>
> Yes, I'm "Ben Hutcher". Too bad you destroyed it so quickly :-)
>
Oh, I'm sorry :)
You should have told me ... you know, I'm in bug-fixing-mode and I couldn't
resist ;)
> I just discovered this functionnality of QGIS and this scared me. I
> believe I
> would have accepted the warning because I ignored that QGIS projects could
> contain Python code, and I presume a lot of users would. IMHO clicking on
> the
> Enable macros link should raise a dialog box with a more explicit message
> about the potential risks to double confirm.
> "Python macros cannot currently be run." sounds to me as "you should
> enable
> macros so things work as expected". It is not even clear that the macros
> come
> from the project itself. They could be some trusted code in QGIS itself.
> Once
> you know that functionnality is, then yes the current behaviour is
> probably
> fine. But if you don't know it, there's a high chance you could run
> untrusted
> code without realizing it.
>
> Even
>
>
Agreed (same for Python code embedded in forms btw).
We should warn users about the security threats associates to run untrusted
code (now forms have also the option to download code from the network and
run it!).
Plugins as well are of course a potential threat.
--
Alessandro Pasotti
w3: www.itopen.it
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-user/attachments/20191030/a468e6c9/attachment.html>
More information about the Qgis-user
mailing list