cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

Scripts and security - how do I know that a jsxbin is safe for use?

jamesj40370443
New Here ,
Jul 12, 2017 Jul 12, 2017

Copy link to clipboard

Copied

I am new to After Effects and have found a number of tutorials that provide scripts and ask the reader/viewer to install them, sometimes asking the user to change their preferences. For example: 'Turn on the setting allowing Scripts to write and access network'.

This immediately rings alarm bells, as I do not know the ramifications of the changing the settings or how Adobe manages security issues related to scripts.

This is complicated by the scripts being in jsxbin format, I cannot review the scripts to confirm that everything is kosher.

So my question is, can Ae Scripts do anything malicious (i.e. am I being overly cautious)? If so, are there specific settings that I need to be careful with to manage any undesired behaviour?

To be honest, I'm not happy that scripts can be 'compiled' into binaries. It removes the ability to audit what is going on. Maybe it is okay for the main players... but even then I'm not always 100% sure. Malicious behaviour is something that is always a concern when downloading 'scripts' from unknown and unverifiable sources.

Color me suspicious. 🙂

Views

2.3K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Mylenium
LEGEND , Jul 12, 2017 Jul 12, 2017

The scripts cannot run outside the apps, so that takes care of 90% of any potential security issues - if they were to do evil stuff, the apps themselves would refuse to execute the commands (assuming they are not leaky due to bugs of course). In addition to that, scripts themselves have only limited communication capabilities because there really isn't much stuff for socket connections, network and file commands. Again most of that requires some app to run, is tied to specific panels or CC libra

...

Votes

Translate

Translate
replies 2 Replies 2
latest latest Jump to latest reply
kirkeric
Enthusiast ,
Jul 12, 2017 Jul 12, 2017

Copy link to clipboard

Copied

This is common procedure because the scripts will not work if you do not select that.

It is understandable that you would have the question as a new AE user but if you find scripts under aescripts they are fine. The community is dedicated to providing useful tools.  Aescripts, mamoworld scripts, and numerous others are all good.  I use tons of them and never have issue.

If you have any specific product script questions feel free to ask.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Mylenium
LEGEND ,
Jul 12, 2017 Jul 12, 2017

Copy link to clipboard

Copied

LATEST

The scripts cannot run outside the apps, so that takes care of 90% of any potential security issues - if they were to do evil stuff, the apps themselves would refuse to execute the commands (assuming they are not leaky due to bugs of course). In addition to that, scripts themselves have only limited communication capabilities because there really isn't much stuff for socket connections, network and file commands. Again most of that requires some app to run, is tied to specific panels or CC libraries. The risk of someone injecting malicious code is not that great, even more so since jsxbin isn't really that efficient nor executable by itself. It would take forever for malicious code to do anything and it would trigger constant warnings or debug events in the ExtendScript editor. I'm pretty sure from the point of "evil guys" it's not worth it. It's much simpler to just send you a fraudulent e-mail with an infected document...

Mylenium

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Troubleshooting FAQs
Fix common After Effects crashes
How to fix "Display Acceleration Disabled"
Fix dynamic link between After Effects and AME
Building the best After Effects computer
Why isn't After Effects preview real-time?
After Effects Community Recap
After Effects Community Recap 2022: Year-in-review
October 2022 Community Recap
After Effects Community Recap home page
Getting started with After Effects
How to download & install After Effects
After Effects system requirements
Inspiring tutorials
After Effects user guide
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices