Replace examples trying to "protect" resources or save using config file as there may always be exploits

gdquest-demos / godot-demos-2022

Free and open-source Godot demos for learning, with guides and tutorials: 2022 edition.

Other

411 stars 40 forks source link

Replace examples trying to "protect" resources or save using config file as there may always be exploits #11

Closed NathanLovato closed 2 years ago

NathanLovato commented 2 years ago

Following #6 we did some research, and the only way to prevent arbitrary code execution is to use only plain text parsing. JSON, XML, or your own format.

Anything that could potentially parse resources, like str2var, ConfigFile, or resources, can execute code. Except for bytestovar and vartobytes, which have extra safety because they're used for networking.

We should update examples and the demo's readme accordingly.

NathanLovato commented 2 years ago

Closed by 971b48655c05f07e4f9a973a18c791ca8b3cd045