Hello, I’ve been wondering if there are any risks of enabling HTTP Requests in your game. A thought that came to mind is the tool F3X. When using the in game builder tool (F3X), players can save buildings or models using the F3X exporter which uses the HTTP Requests to save the building data, in which you can then import into studio. If I had HTTP Requests on for my game, is it possible that players could exploit an F3X into their inventory and possibly save/export my in-game builds? Are there and other risk factors that could possibly be an issue when enabling HTTP Requests? I’d appreciate any thoughts on this, Thanks!
They can already save your builds without HTTP service enabled in the first place, there is no real way to prevent this in all circumstances.
There is no risk to enabling HttpRequests. Only the server is permitted to get and use the service in the first place, which means only code you write server-sided in Studio can use it.
The only risk is if you have an insecure remote which utilises HttpService, which then you have a general case of bad coding structure on your hands to deal with rather than a direct risk of the HttpService.
Sending an Http request and a secure connection are two different and unrelated concepts altogether. Doesn’t seem like that’s part of the original question you posted either.
JSON is a human-readable format for serialised data. Whether you send a JSON encoded array or not has no bearing on anything, aside from instances where it’s required or considered best practice to send over a JSON-formatted array over a raw one.
Withdrew my post as it is unrelated to my question, sorry about that.
However thanks for letting me know about the possible risks of an unsecured remote, I will try and keep things as neat as possible to try and keep it as a neat structure as I can.
I knew this already, but I found out that:
So even though a client exploits an HTTP Service enabled tool, it will not be able to access the server.
Thanks for the thoughts guys!