|
|
|
|
Reply From: |
willnationsdev |
(Another, updated answer for 3.0 as this question becomes more commonly asked)
So, this is a common question that comes up. Godot sandbox & modding support · Issue #7753 · godotengine/godot · GitHub
Essentially you are limited to…
-
Throwing security out the window and letting people create their own GDScript code. This is what the current answer to this question would be. Just let people create their own GDScript (or VisualScript, or CSharpScript, w/e), and have it reference the assets and whatnot. Then, just plug the assets and scripts into a folder and write your game content so that it scans for that folder to look for pluggable scripts when it starts up. This effectively lets people run whatever arbitrary scripts they want though, so there is no 100% secure way of letting them execute those scripts (since scripts already have OS and network access, among other things).
-
Waiting until someone implements some sort of sandbox support to protect the local operating system while the game executes (based on the Issue linked above).
-
Design your own scripting methodologies for your unique project. Examples include…
a. creating a custom VisualScript editor using custom `GraphNode`s and `GraphEdit`s.
b. creating a custom text-based scripting language.
c. creating a data-driven game where players can edit the data files (editing JSON data or something) in order to modify what content is available in the game.
…or any combination of the above 3.
Note that most other games with modding tools will essentially have created their own in-house tools for editing game content, but those tools will be for their designers and artists (and you as a modder are using those tools), whereas the programmers deal with an entirely separate layer of more detailed information. If you think of Godot as the programmer layer, you would effectively need to create the entire “designer layer” by creating a new layer of the Godot engine that is exposed to them. For example…
If I create an entirely separate Godot project that is the “modding tools” for my game, I might have a base PanelContainer with a GridContainer, some side-docks for FileSystem access, a Viewport in the middle for seeing the world, possibly having an “edit Script” setup that is VisualScript based, but filled with my own custom nodes, etc. Hmmm…this is starting to look more and more like me re-creating the Godot Engine. That’s because you basically are re-making Godot, just in a much more restricted and controlled environment that helps prevent people from mis-using the engine’s local access to the operating system and network protocols.
I think it could be done easier than that. What about building your own version of Godot
(that is basically stripped of some things and contains your own script classes & functions via custom module and maybe most importantly a custom export) and distributing that as an editor? Sounds easier to me than creating a Godot-like editor from scratch using Godot - also less Inception-like
Another thing I don’t get is why you would be that concerned about security. This is modding. People find a mod they like in the Steam Workshop, or Nexus or whatever platform, download and apply it. If one of those mods goes out of its way to delete a user’s hard drive, that is really not the developer’s fault - and won’t exactly serve to spread that mod.
I see no problem in saying “we allow people to mod our game, you can do potentially harmful things in a mod, use mods at your own risk”. I do not believe anyone using mods regularly would be in any way discouraged or even surprised by that.
TheSHEEEP | 2017-11-27 07:53
The custom version of Godot is a good idea. In fact, it would be great if there were a “mod” edition of Godot repository available for people to use and extend separately. Not sure how you would safely pull from upstream though since you’d have to conditionally accept incoming changes. Does git have a way for you to flag certain files / directories as “check with me before allowing merges to alter these areas”?
I actually agree with you on the modding security side of things. Some people expressed similar thoughts about the security issue on the GitHub issue, but iirc Juan was especially concerned about preserving the security of mods and advocated for a sandboxing architecture. We just need to come to some sort of agreement on what should be allowed.
willnationsdev | 2017-12-04 00:32