Save Games using ResourceSaver are risky?

JamesDerril · February 21, 2025, 10:32pm

Godot Version

4.3

Question

Hello,

I don´t understand this reddit thread:
https://www.reddit.com/r/godot/comments/1ax6mae/safe_usage_of_resourcesaver/

What is the difference between saving a game as a Resource using the ResourceSaver and saving it e.g. as a dictionary?

Couldn´t I save a Resource that contain a dictionary? Wouldn´t that be the same?

Sorry if my question sounds stupid, but I am just learning to code by myself.

I am using e.g. this to save my upgrade stats from the in-game shop and now I am worried, that I might be doing something wrong.

extends Control

@export var upgrade_shop_levels: UpgradeShop # Upgrade shop is Resource class
# Called when the node enters the scene tree for the first time.
func _ready():
	upgrade_shop_levels = load("res://Ressources/upgrade_shop.tres")
	
	$VBoxContainer.size = Globals.viewport_dimensions
	
# Called every frame. 'delta' is the elapsed time since the previous frame.
func _process(delta):
	pass


func _on_button_help_button_up():
	$InGameShopHelpOverlay.show()

func _on_button_buy_coin_multi_pressed():
	upgrade_shop_levels.set_coin_multi_lvl(upgrade_shop_levels.coin_multi_lvl +1)
	_save_upgrade_shop()
	
func _save_upgrade_shop():
	ResourceSaver.save(upgrade_shop_levels, "res://Ressources/upgrade_shop.tres")

Best regards,
Jayme

gertkeno · February 21, 2025, 11:59pm

You are doing one thing wrong, saving to “res://” will not be available when exported, you should save user data to “user://” paths.

The thread is talking about how resources can contain and run scripts, so if you use a Resource base for saving then a bad actor could leverage your game to hack your players by distributing a save file. The thread suggests using a Dictionary instead of a Resource as they can be similar if only used to store key/value pairs.

JamesDerril · February 22, 2025, 10:06am

Thank you for the hint!
I am using mac os and I don´t see “user://” in the file system.
Is there a way to enable it in the file system?

Ok, that means that the user would have to deliberately download a save file from the web. Which is not advisable anyways and my game is a singleplayer game. So I am not too concerned to be honest. But I will consider it in case of a multiplayer.

Best regards,
Jayme

ananasblau · February 22, 2025, 10:41am

you only have to change the paths in save and load from res:// to user://

On a Mac the directory is somewhere in ~/Library/Application Support/

pauldrewett · February 22, 2025, 12:59pm

“user://” is designed to provide a consistent, cross-platform way to access user-specific directories, ensuring your game can read and write data regardless of the underlying operating system.