Skip to main content
jamesj40370443
jamesj40370443
Participant
July 12, 2017
Answered

Scripts and security - how do I know that a jsxbin is safe for use?

  • July 12, 2017
  • 2 replies
  • 3534 views

I am new to After Effects and have found a number of tutorials that provide scripts and ask the reader/viewer to install them, sometimes asking the user to change their preferences. For example: 'Turn on the setting allowing Scripts to write and access network'.

This immediately rings alarm bells, as I do not know the ramifications of the changing the settings or how Adobe manages security issues related to scripts.

This is complicated by the scripts being in jsxbin format, I cannot review the scripts to confirm that everything is kosher.

So my question is, can Ae Scripts do anything malicious (i.e. am I being overly cautious)? If so, are there specific settings that I need to be careful with to manage any undesired behaviour?

To be honest, I'm not happy that scripts can be 'compiled' into binaries. It removes the ability to audit what is going on. Maybe it is okay for the main players... but even then I'm not always 100% sure. Malicious behaviour is something that is always a concern when downloading 'scripts' from unknown and unverifiable sources.

Color me suspicious. 🙂

This topic has been closed for replies.
Correct answer Mylenium

The scripts cannot run outside the apps, so that takes care of 90% of any potential security issues - if they were to do evil stuff, the apps themselves would refuse to execute the commands (assuming they are not leaky due to bugs of course). In addition to that, scripts themselves have only limited communication capabilities because there really isn't much stuff for socket connections, network and file commands. Again most of that requires some app to run, is tied to specific panels or CC libraries. The risk of someone injecting malicious code is not that great, even more so since jsxbin isn't really that efficient nor executable by itself. It would take forever for malicious code to do anything and it would trigger constant warnings or debug events in the ExtendScript editor. I'm pretty sure from the point of "evil guys" it's not worth it. It's much simpler to just send you a fraudulent e-mail with an infected document...

Mylenium

2 replies

Mylenium
MyleniumCorrect answer
Legend
July 12, 2017

The scripts cannot run outside the apps, so that takes care of 90% of any potential security issues - if they were to do evil stuff, the apps themselves would refuse to execute the commands (assuming they are not leaky due to bugs of course). In addition to that, scripts themselves have only limited communication capabilities because there really isn't much stuff for socket connections, network and file commands. Again most of that requires some app to run, is tied to specific panels or CC libraries. The risk of someone injecting malicious code is not that great, even more so since jsxbin isn't really that efficient nor executable by itself. It would take forever for malicious code to do anything and it would trigger constant warnings or debug events in the ExtendScript editor. I'm pretty sure from the point of "evil guys" it's not worth it. It's much simpler to just send you a fraudulent e-mail with an infected document...

Mylenium

kirkeric
kirkeric
Inspiring
July 12, 2017

This is common procedure because the scripts will not work if you do not select that.

It is understandable that you would have the question as a new AE user but if you find scripts under aescripts they are fine. The community is dedicated to providing useful tools.  Aescripts, mamoworld scripts, and numerous others are all good.  I use tons of them and never have issue.

If you have any specific product script questions feel free to ask.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices