koobas.hobune.stream
How stupid would it be to allow users to upload dll's for use in my application?
I'm working on a browser based unity game that also has an online editor. It occurred to me that it would be useful for users to be able to add 'plugins' to the editor that I've created. One idea that occurred to me for this was to allow users to upload DLL's with some c sharp classes that add functionality to the editor, and then load the DLL's associated with the current user automatically. My understanding is that the web player runs in a sandbox environment so would prevent the user from uploading code that was all that malicious. And ultimately the DLL is only run on the client machine (and not other users). I've run some tests and have got this basic concept working. But it just strikes me like this is a bad idea somehow. Are there any risks to this approach?
Curious! I have the same gut feelings as you, this seems like a bad idea, but I have no proof to back this up.
There are huge security risks since, even when it's managed code, it can change nearly every aspect and function in the game. Since Reflection can be used even in the webplayer a foreign DLL could do any changes to the game. Of course everything happens inside the sandbox on the client machine, but it allows to change anything within your game.
It's possible to use relfection to analyse the DLL code quite easy, however that requires your game to load the DLL first and at this point it would be too late.
I would recommend to use a scripting language like UniLUA
Would the changes be cached for that single use only, or for that ip only or would it be saved to the webserver? If it is saved to the webserver, it could very much so be an issue of causing other players greif by adding an extremely hard level/addon or by changing base mechanics. And as you said, malicious files could be uploaded to steal info specifically.
The largest risk is processing power IMO. someone could upload an insanely intensive webserver only script that could lag and crash your server.
I hope i helped
They could add functionality to their level and once published, their level could be played by other users. So the dll would be saved to the web server, then streamed to any user that opens the new level, which would then execute the dll in the web player on the client machine.
You make a good point that level creators could upload a dll that s$$anonymous$$ls info on its users and sends it to some online database (whatever info it can get from within the unity web player anyway). As you say, it is also a risk that users could make levels unplayable or crash, but that's really their responsibility, that would just be a badly made level. I'd be more worried about security risks.
So far I haven't heard any deal breakers.
I don't know if it would work or not, but hiring moderators to check the DLL for malicious code may be a good idea.
