Is the way im saving my data ok?

MysticalCell24 · September 1, 2024, 9:00am

Godot Version

4.3

Question

I’m a new user to godot. I’ve heard that using resources to save player data is bad since I can execute malicious code if there is any. I wanted to make sure if players playing my game send save files to others then it won’t hurt the other person. I was wondering if the way I am saving is safe or not.

I am using custom resources for player data and couple other things. I am putting them into a dictionary and saving the dictionary using the store_var function with a “.dat” save path. If I load that dictionary with get_var. If there were any malicious code in those resources would it be able to execute?

Armynator · September 1, 2024, 9:29am

get_var is unsafe for object reconstruction and allows code to be executed, see: FileAccess — Godot Engine (stable) documentation in English

The safe way would be to serialize/unserialize your game objects manually.

system · October 1, 2024, 9:29am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.