Max 2022 New "Security Feature" - What do you think?


#41

have you tried it on your phone? :wink:


#42

I never had a phone, except the for the line ones. But I bet it will run very well there.


#43

Thanks to the list you posted in another thread I managed to gather all the posts from 2003 to 2020, parse them and organized. :smiley:

Check your PM.


#44

I managed to gather all the posts from 2003 to 2020, parse them and organized, put them together in a book, published and sold. :stuck_out_tongue_winking_eye:


#45

No doubt it would be the best book about MXS ever.


#46

I want this book! :rofl::rofl::muscle::+1:


#47

Hi everyone out there. I’m now out of this 3dsMax world, but I read you and I miss you. :kissing_heart:


#48

Shame you left us. We miss you too man. Hope everything is good.


#49

Can I have the e-variant of the book, please?

@aaandres, are you in the 3d world?


#50

Check your PM


#51

Thanks, Jorge! Everything’s ok here by now.
Hi Kostadin! I’m still with my 3D company, but close to retirement.
I have enjoyed programming (and designing) in UNITY for 2D and 3D games (C#) and a few in UNREAL (blueprints). Just for hobby with my son. I have time to do things! I haven’t written a line of maxscript for three years.


#52

Now you have a chance to write a line, without using 3ds max, just for fun. :slight_smile:


#53

I haven’t written a line of maxscript for three years.

you’re best out of it, the current max is horrible the UI is like a nasty twitchy cracked up drug addict. The more I have to use it the more I hate it. Just Nasty.


#54

Same here please, can I get this?
Thanks


#55

You got a PM :wink:


#56

@PolyTools3D, in your custom attribute example, if you load the scene file that has the CA in a session of Max other than the one in which you evaluated the CA’s definition, the safe scene script execution (SSSE) will block the unsafe command (DosCommand).
The reason that in your example the security feature seems to not work, is because the CA’s definition was evaluated as non-embedded and due to an code-optimization, it is being used as such until you restart 3ds Max.
We are aware of this issue and will address it in a future release of 3ds Max.


#57

@attilaszabo, Thank you for taking the time to reply and clarify that.


#58

I wanted to chime in some on this thread. I haven’t been so active here lately as my work has kept me busy for a few years. Over the last decade+, several of you have been awesome resources to all the world and to myself as I learned the ins-and-outs of MAXScript.

I started thinking about security several years ago as I realized all the things you can do with MAXScript. When the topics started coming up in the Max beta forums over the last few years, I was honestly skeptical about the project initially. As someone who had made his living primarily because of technical MAXScript expertise in the last several years, I was concerned about anything that might take away the power of MAXScript as a pipeline tool.

Fast-forward and I now get to work alongside Attila as a fellow product owner at Autodesk. After following the topic very closely (and often providing my own perspective to Attila’s team), I think that the situations was handled very well. All of my initial fears are gone because of the way that the features were developed. The commands that are blocked are only when the calls are from embedded scripts in the scene—preventing the kinds of things that people wouldn’t expect to be doing anyway. Are people actually using hiddendoscommand() inside of a scripted controller, for example? Users aren’t going to expect that if they open a Max scene, a custom attribute on the rootnode is actually able to automatically edit files on your computer.

If you still need for one of the blocked commands to work from within a custom attribute, you can simply change your approach to writing startup scripts to define global functions, structs, macros, etc, and call those from your embedded custom attributes. Because they are run at startup, they are not considered embedded functions.

The reason this is safer is that those functions will only be there if you put them on your computer yourself—and this assumes that you understand and trust those tools. It’s protecting someone from opening a scene file they download from the internet and suddenly they have problems. The system is not about protecting every vector of attack—but closing the door on spreading attacks inside of Max scenes.

I just wanted to share my thoughts on this topic, because after all is said and done, I’m actually proud of what Attila’s team accomplished. I think there are some things to polish (like what Attila mentioned above), but I know he and his team have been very dedicated and passionate about trust and reliability for all of us Max users in the world.