• Login
sketchucation logo sketchucation
  • Login
ℹ️ GoFundMe | Our friend Gus Robatto needs some help in a challenging time Learn More

Plugin Security

Scheduled Pinned Locked Moved Developers' Forum
5 Posts 2 Posters 551 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J Offline
    Jim
    last edited by 24 Jun 2008, 20:15

    What is the possibility of a malicious plugin being created? I know plugins have access to your hard drive and network, but to what degree? Could a plugin wipe out your hard drive or send private information over the network?

    There is in reality a very, very small chance of a malicious plugin going un-detected. But still, the risk is not zero.

    (split from this topic: http://www.sketchucation.com/forums/scf/viewtopic.php?f=180&t=10709 )

    Hi

    1 Reply Last reply Reply Quote 0
    • T Offline
      todd burch
      last edited by 24 Jun 2008, 20:32

      This is true Jim, and has been since day 1. But that's not the topic.

      The bottom line is know your source for ruby scripts. If in doubt, don't download or run.

      1 Reply Last reply Reply Quote 0
      • J Offline
        Jim
        last edited by 24 Jun 2008, 20:39

        @unknownuser said:

        This is true Jim, and has been since day 1. But that's not the topic.

        The bottom line is know your source for ruby scripts. If in doubt, don't download or run.

        And we're just now getting around to informing everyone else? Shame on us. It might be a good idea to inform everyone else, and then create some common-sense guidelines.

        Hi

        1 Reply Last reply Reply Quote 0
        • T Offline
          todd burch
          last edited by 24 Jun 2008, 21:03

          No, we're not just getting around to informing everyone else. I could find some links to posts made in July 2004 about the same exact topic.

          Ruby scripts, just like ANY OTHER PROGRAM you download or create yourself, have the potential for being malicious.

          I don't consider it my duty to tell all of Google's SketchUp users that some dingbat might get their rocks off on writing a malicious program that interfaces with SketchUp.

          1 Reply Last reply Reply Quote 0
          • T Offline
            todd burch
            last edited by 24 Jun 2008, 21:07

            Let me clear up a remark I made at the top of this thread, and even my followup posts.

            When I said "that is not the topic", I thought I was posting to Lewis's thread about a Ruby vulnerability that applies to people who use Ruby on a server for websites.

            However, this thread, your topic, certainly applies, and yes, you can do just about anything you want with Ruby.

            1 Reply Last reply Reply Quote 0
            • 1 / 1
            1 / 1
            • First post
              5/5
              Last post
            Buy SketchPlus
            Buy SUbD
            Buy WrapR
            Buy eBook
            Buy Modelur
            Buy Vertex Tools
            Buy SketchCuisine
            Buy FormFonts

            Advertisement