file execution

Get help using Construct 2

Post » Mon Jun 24, 2013 4:17 pm

Well, with Chromium alone, you can't do much more than with any other browser. The "power" comes when you add node.js to the mix. Nodejs adds whole "real" platform feeling.

It's all in the name node-webkit (node.js + chromium webkit = node-webkit)
Be nice until it's time to not be nice
B
36
S
9
G
9
Posts: 293
Reputation: 6,662

Post » Fri Jun 28, 2013 11:04 pm

Well that's scary...I will be very cautions clicking peoples capx files to help them out now...
As long as I can move left, right and fire, I'm Happy...
B
42
S
15
G
11
Posts: 655
Reputation: 12,260

Post » Sat Jun 29, 2013 6:32 am

[QUOTE=Pixel perfick] Well that's scary...I will be very cautions clicking peoples capx files to help them out now...[/QUOTE]

Since mostly you don't export as exe using the capx, you shouldn't have problems with that, and if 3rd party plugins does ll that, You will need to have them first, so anyway, I don't think you should worry about debbuging a Capx
Game design is all about decomposing the core of your game so it becomes simple instructions.
B
43
S
18
G
18
Posts: 2,106
Reputation: 16,436

Post » Sat Jun 29, 2013 1:27 pm

@Aphrodite True regarding the third party plugins, but nodeWebkit is an official plug in and ships with C2...

I can't think of a valid reason to want to do this,so still think it's dodgy...

As long as I can move left, right and fire, I'm Happy...
B
42
S
15
G
11
Posts: 655
Reputation: 12,260

Post » Sat Jun 29, 2013 3:04 pm

@Pixel perfick you'd have to run the actual exported executable in order for this to work, and any additional executables that are called would have to either be downloaded through the app or run from the folder. A capx couldn't call an exe.

If you're worried about viruses/trojans/etc., any file will have to first get through your anti-virus anyway.

The solution is pretty simple: don't run executables that you don't trust - the same goes for anything you download from the Internet.

PS: A perfectly innocent reason for wanting to do this would be to create a launcher app that checks for updated versions of the game before going into the game itself.GeometriX2013-06-29 15:06:21
B
57
S
15
G
11
Posts: 912
Reputation: 12,581

Post » Sat Jun 29, 2013 3:59 pm

@GeometriX Maybe I'm playing devils advocate a little and personally have no use for running an Exe...

I would be the first to admit I am no web developer, and thought that the HTML5 environment was closed off from the system, but, I am pretty aware of exterior threats via internet or elsewhere, My concern is more general and for the people that are less careful...

I am a little confused as there seems to be a definitive yes and no response to this thread...

So My question is could a posted capx or exported game, uploaded to the scirra arcade for instance, carry a deliberately added, potentially unwanted program?Pixel perfick2013-06-29 16:00:12
As long as I can move left, right and fire, I'm Happy...
B
42
S
15
G
11
Posts: 655
Reputation: 12,260

Post » Sat Jun 29, 2013 5:11 pm

@Pixel perfick I don't see how that would be possible.

From what I do understand of web security, any capx that you download or any game that you run in a browser (be it the arcade, Kongregate, in preview or elsewhere) simply cannot run an executable without user approval*.

I suppose a capx could carry a dangerous exe as a project file, but you'd have to deliberately and manually extract and run that file yourself.

*Of course, there are always way around these things, but that's just the nature of the Internet.GeometriX2013-06-29 17:12:21
B
57
S
15
G
11
Posts: 912
Reputation: 12,581

Post » Sat Jun 29, 2013 6:38 pm

I agree with @GeometriX and @Aphrodite.

This is the topic that's really often on the nw mailing list. There are ways to send malicious nodejs code to someone using node-webkit exported app. After all, it just an browser with capability to munch nodejs code.

There are ways to control this and be safe.

You can mess with the manifest file, and set "node-remote" field, or "nodejs" field to enabling/disabling nodejs.

With iframes, you can check out this wiki page for more info.

The idea is that your app doesn't have any malicious code, and that you protect yourself from others injecting possibly malicious code.

Although, i have contemplated of a fast platformer that deletes your hard drive when you die.

Cheers!


edit: Wiki on securityJohnnySheffield2013-06-29 18:49:16
Be nice until it's time to not be nice
B
36
S
9
G
9
Posts: 293
Reputation: 6,662

Post » Sat Jun 29, 2013 7:42 pm

@geometrix and @johnnysheffield

Thanks for clearing that up, good to know that standard HTML5 security is not compromised by C2 and node-webkit...
As long as I can move left, right and fire, I'm Happy...
B
42
S
15
G
11
Posts: 655
Reputation: 12,260

Previous

Return to How do I....?

Who is online

Users browsing this forum: KittenKatja, LaDestitute, ladjuric, SnipG, Zjahel0001 and 10 guests