I have hundreds of assets I want to show to users. These assets are reasonably important to prevent users to get them easily. So how easy it is to get an 3D asset (meshes, animations, etc) in a usable form (fbx, etc) from a unity3d file? I am not talking about source code assets so I don’t care about decompilation and stuff like that.
Depending on that, I have two options:
Compile each 3D asset separately in differrent webplayers;
Build one webplayer that will dynamically load the assets stored on the web server. In that case, does the directory containing the assets have to be publicly readable or is there any way to allow the unity player only to read it?
Define ‘easy’ There is no way to unpack a .unityweb file to extract FBX or other assets from it, so short of a utility that pulls the geometry data directly out of video card memory, I don’t think you need to worry. If you do decide to go with dynamically loading the assets, though, I don’t see why you couldn’t require HTTP authentication for asset bundle downloads.
thanks a lot for your answer. Well, as far as I know, and according to what I read so far, extracting source code from .unity3d files is pretty easy. So, if it is at least more difficult than downloading the file and opening it in an utility, it is fine for me: if the user is that motivated to read the flow on the graphics card, he has the right to access our assets…;-D.
HTTP authentication is maybe not a safe idea as far as I know because decompilation is pretty easy it seems. Thus, getting the login and password to the asset server also… Or am I completely wrong?
Thanks for your help and your comments.
Best regards.
If you have concerns over the security of relying no HTTP authentication, you’re free to use any authentication scheme you prefer; you’ll just have to implement it yourself on the server-side. It really depends on how paranoid you feel you need to be
I see. And what about Animation assets? Is it the same thing?
Basically, that means that when you publish a unity3d file, you are also publishing all the assets inside it, right? This is major concern for us as the assets do not all belong to us and we cannot “publish” them like that. If this is true, we will simply have to abandon Unity…;(
Well, I came here to try to find someone to convince me to actually use Unity. All I got is advices telling me NOT to use unity…;(( Any Unity guy in there?..;-D
For most engines (I think) you can rip all textures and some meshes using software like 3d ripper, so in case of Unity only your animations are in a additional bit of danger ;).
The problem is true for 2.6.1 web\standalone and 3.0 web - so if you use standalone builds of Unity 3, it is OK.
No, We use webplayers… So, embedded assets (like animations) are quite easy to get from unity3d. What about assets on a web server? Then, the person trying to get access to the assets would have to:
Decompile scripts;
Identify variables where login and password are stored;
Access the web server with these credentials…
This is a little bit more difficult but still not impossible. Is there a way (except using stored credentials) to ensure that the assets are accessed from our unity web player only?
There is no way to unpack a .unityweb file to extract FBX or other assets from it, so short of a utility that pulls the geometry data directly out of video card memory, I don’t think you need to worry. If you do decide to go with dynamically loading the assets, though, I don’t see why you couldn’t require HTTP authentication for asset bundle downloads.