Security risks of nontrusted asset bundles

Hi everyone!

Mars Explorer has been growing by leaps and bounds, and some members of the Mars Explorer community have begun using their own copies of Unity to build new worlds for it.

I am intending to release a set of world standards (terrain quality, named “points of interest”, etc), and then incorporate functionality to load third party worlds into the game as asset bundles during runtime. I wouldn’t think of doing this in an executable game - as anyone could write a world that would be siphoning the user’s hard drive while they were playing, but I can’t think of any reason that this wouldn’t be safe in a webplayer game.

Is there anything a webplayer app could do that would harm a user’s computer? And is there anything an asset could do that would compromise my webplayer app? Provided that I am careful about public variables on all my GameObjects, a script running in the game couldn’t steal the source code for anything, could it?

I would probably implement developer keys, so I would know who to go after if a world was released that repeatedly crashed the game or something.

Also, I remember a clause in the Unity license agreement that says that you can’t mix pro and indy licenses. Would what I am thinking of doing violate this?

If worst comes to worst, I might try writing a standalone world design application that, like “newspeak”, would make it impossible to even express malignant intentions towards my walled garden of Mars Explorer :slight_smile:

I really am surprised that this hasn’t been done before. Fractscape is the closest thing I have seen - but picture a free environment editor released by Unity that had terrain and object editing but and no scripting capability. Every single Unity game designed with an extensible architecture would suddenly become orders-of-magnitude more amazing!

-Aubrey

That one’s easy. UT’s has made making the Web player safe one of its priorities. If it was a security risk no one would risk installing the plugin!

The source code isn’t included in the build. It might get lists of function names through some System.Reflection but I doubt it could get anything more than that.

they can not steal anything as the scripts are all part of your app.
they can not create new apps for their addons unless you provide them your full client.

asset bundle, as the name says, can only contain media, not functionality.

…But couldn’t an Asset Bundle contain scripts? And aren’t scripts functionality?

Oh - and thanks Starmanta - I had never heard of System.Reflection before! So much to know…

I would also be very interested if anyone has more insight on the legal aspects I mentioned above.

I thought so too, but unfortunately not. Makes sense though, for security reasons.

Recent topic on similar subject can be found here.