Gringo Starr

@pc98jr

Avatar by @aenglestudio

Any pronouns

Final Fantasy, old Japanese computers, Linux 🤓

Gringo Starr @pc98jr4/23/2024, 5:06 PM

People realize games are often used as attack vectors now, right?

You must log in to comment.

in reply to @pc98jr's post:

Crungo @Crungo4/23/2024, 5:07 PM

What's the context for this

Gringo Starr @pc98jr4/23/2024, 5:09 PM

Ah I saw a thing that said game dev doesn't need to take security into consideration. Everything else in the post was right, but I thought that was weird.

It was about balataro using a bunch of statements that are all executed quickly in lua.

sirocyl @sirocyl4/23/2024, 6:04 PM

tbh it's all a matter of risk and scope, but if a game goes online to either play with others or fetch updates or blog posts, or can run any file from other people (mods generally not included) they had better keep that risk in mind and adjust accordingly.

Gringo Starr @pc98jr4/23/2024, 6:34 PM

That would be most games now, really, unless they rely on an intermediary like steam to update.

sirocyl @sirocyl4/23/2024, 6:49 PM

iirc most games' updaters are separate code, for the most part, though. the updater doesn't give the game engine a network stack

I'm more talking about like, fetching raw HTML, over unsecured HTTP, and rendering that clientside