0 votes

Lately I've been learning how to generate configuration files for my game so I can save the user's preferred keymappings and then read them from the disk when the game is opened again. However, upon checking the generated .cfg file, I realized I'm actually putting in an entire InputEventKey node for every defined key into the file instead of just the keycodes.

Example (move_left is a single line):



It's not a particularly hard thing to patch out. I'm just wondering if I should do that at all since it has not done any harm to me (and I'm lazy, and it works as intended, and I've got other things to worry about). The fact that you could potentially attach an external script via the "script" field is what's worrying me, though. Is that possible at all? Is there some other reasons for me not to keep it the way it is?

Godot version 3.3.3 mono
in Engine by (52 points)

1 Answer

+1 vote
Best answer

As long as you're not sending ConfigFiles over the network, encoding/decoding Objects should be fine to do. If someone is looking to inject arbitrary GDScript code into an exported project they downloaded, there are plenty of ways to do so anyway :)

by (12,893 points)
selected by

So basically I have nothing to worry about, even if the contents of the file are plainly visible to everyone that views it and can be easily accessed via the game's config folder?

Indeed, there's no problem with that.

Welcome to Godot Engine Q&A, where you can ask questions and receive answers from other members of the community.

Please make sure to read Frequently asked questions and How to use this Q&A? before posting your first questions.
Social login is currently unavailable. If you've previously logged in with a Facebook or GitHub account, use the I forgot my password link in the login box to set a password for your account. If you still can't access your account, send an email to [email protected] with your username.