You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm implementing save and load system using messagepack for my Unity game.
I have only used json serializer (json.Net) before, so I'm quite new to binary serialization.
What I'm concerned about is possible security issues you mentioned when deserializing.
Since my game is client-only I don't see that much of a problem.
However, what I'm worried about is if I have to receive save data from users and deserialize it on my machine.
Could this be a possible vulnerability to code injection or any other malicious actions?
To be clear, I'm only asking about the deserialization process.
I'm using untrusted data option and only typed resolvers when deserializing.
Thank you in advance!
The text was updated successfully, but these errors were encountered:
Using the untrusted data option and avoiding the Typeless formatter and resolver should be adequate protection from code injection attacks, at least as far as we know today. What you do with the deserialized data after that is on you.
I'm implementing save and load system using messagepack for my Unity game.
I have only used json serializer (json.Net) before, so I'm quite new to binary serialization.
What I'm concerned about is possible security issues you mentioned when deserializing.
Since my game is client-only I don't see that much of a problem.
However, what I'm worried about is if I have to receive save data from users and deserialize it on my machine.
Could this be a possible vulnerability to code injection or any other malicious actions?
To be clear, I'm only asking about the deserialization process.
I'm using untrusted data option and only typed resolvers when deserializing.
Thank you in advance!
The text was updated successfully, but these errors were encountered: