Forum: Poser - OFFICIAL


Subject: Content Paradise Security Issues: SSL Bug In Python

CyberStretch opened this issue on Sep 05, 2002 · 12 posts


CyberStretch posted Thu, 05 September 2002 at 3:35 PM

Attached Link: Re: Content Paradise :-)

Since the original thread (ref the link) seems to have been overtaken by discussions about OSes, I figure that the real security issues may be addressed quicker in a new thread. To make it easier to follow, I will copy some of the relevant posts here.

=====

The PDF from the link on the [EGISYS] page (http://www.egisys.de/contentparadise/?lang=EN&res=high&path=) describes Content Paradise in a little more detail. It would seem that the Poser interface to CP is based upon Python. Being a "newbie" to Python, I do not have the slightest inkling how this will affect security concerns, but at least it is somewhere to start. It seems they missed the mark for the August opening, as CP is still listed as "coming soon" according to www.contentparadise.com. It would be interesting to see how this differs from the other 3D brokerages and related sites.

===

In my quest to answer my own questions, I found the following quote at the link provided [http://www.byte.com/art/9702/sec5/art4.htm]:

"In terms of security and today's concern with distributed Internet applications, Java definitely excels. Because Python is more of a scripting language, it can have lots of freedom with the local file system, which creates security risks. Furthermore, Python allows many ways to dynamically invoke commands read from any file type, even a TCP socket. Python does have a restricted mode that 'fakes' many of the standard functions and modules but actually uses only those deemed 'safe.' If an attempt is made by the code to access restricted material, an error is raised and the user is alerted."

It would seem to me that the choice of using Python was natural (given that PoserPython seems to be an integral part of the software); however, it seems that the security risks that the above quote implies would prove troublesome with any security-minded individual. Given the date of the article, I would presume that these potential security issues have been addressed a long time ago; however, I have not been able to locate that information on my own as of yet.

===

The link [http://sourceforge.net/tracker/index.php?func=detail&aid=576711&group_id=5470&atid=105470] is a bug notice that involves the Python 2.2.1 Windows binary (executable). For those who do not know, SSL is the Secure Sockets Layer used by secure websites for such things as encrypting transactions.

===

I would like to see CL's response to the two security-related links I posted above, especially the SSL bug. If Python does not currently have native SSL support in it (which is a requirement in order to securely process financial transactions on the Internet), and CL's Content Paradise room is based upon Python, it only stands to reason that CP is insecure in that it does not have support for SSL connections made through P5. Any direct connection using other browsers that support SSL, i.e. MSIE and Netscape, should not be affected since it does not rely upon the Python scripting to connect. What this will mean to those using CP through P5 is that any information exchanged using the CP will not be encrypted and, therefore, could be easily intercepted and compromised by anyone hacking on the connection. If, by chance, the CP connection is opened and available when P5 is run and you have your Internet connection up, there is also the possibility that someone could hack into your system based upon the information from byte.com. These are serious issues that really need to be addressed.
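The post's concern is a Python-based client that silently falls back to plaintext when the interpreter has no SSL support. The following is an added example, not code from the poster, Poser or Content Paradise: it shows the startup check and fail-closed connection policy a client of this kind should have. The `ssl` module, `SSLContext` settings and `urlparse` are standard-library Python 3; the store URLs and `store.example.invalid` hostname are placeholders.

```python
"""Added example: refuse to run unencrypted when Python lacks SSL support.

Checks for the ssl module at import time, builds a context that verifies
the server certificate and hostname, and rejects every URL that is not
https://. Hostnames used below are placeholders, not real services.
"""
import socket
from urllib.parse import urlparse

try:
    import ssl
except ImportError:  # interpreter built without OpenSSL
    ssl = None


def ssl_available() -> bool:
    """True when this interpreter can make TLS connections at all."""
    return ssl is not None and hasattr(ssl, "create_default_context")


def make_context():
    """Return a TLS context that verifies certificate and hostname.

    Raises RuntimeError instead of degrading to plaintext when the
    interpreter has no ssl module.
    """
    if not ssl_available():
        raise RuntimeError("Python built without SSL support; refusing to connect")
    ctx = ssl.create_default_context()  # loads the system CA store
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3/TLS 1.0/1.1
    return ctx


def describe_context(ctx) -> dict:
    """Summarise the security-relevant settings of a context for auditing."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "minimum_version": ctx.minimum_version.name,
    }


def require_https(url: str) -> str:
    """Return the hostname of an https:// URL; reject any other scheme."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing non-TLS URL: {url!r}")
    return parts.hostname


def open_store_connection(url: str, timeout: float = 10.0):
    """Open a verified TLS socket to an https:// URL (placeholder hosts only)."""
    host = require_https(url)
    port = urlparse(url).port or 443
    ctx = make_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("ssl available:", ssl_available())
    print(describe_context(make_context()))
    for candidate in ("http://store.example.invalid/cart",
                      "https://store.example.invalid/cart"):
        try:
            print(candidate, "->", require_https(candidate))
        except ValueError as exc:
            print(exc)
```

The point of `make_context` raising rather than returning `None` is that a missing `ssl` module becomes a hard startup failure instead of a quiet downgrade; `require_https` makes the same policy explicit for the URL layer so a plain `http://` store endpoint can never be reached by accident.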