efroemling
Cloud Console Opt in
first of all: thanks for the amazing game! Lots of fun :D and thanks for the enormous mod friendliness.
Description
By default the game accepts code from the cloud. I think that's kind of scary. There is no need to have this enabled by default. If I understand correctly, you have to trust the server. I think this is unnecessary.
Solution
in the settings > advanced window could be a checkbox to allow code from the cloud. every mod developer can go this small extra step in my opinion
Alternatives
I see the great potential of this cloud modding / debugging feature and don't want it gone.
Additional context
some mockup code i imagine:
def cloud_console_exec(code: str) -> None:
"""Called by the cloud console to run code in the logic thread."""
if not settings.enable_cloud_console:
print('Cloud Console code is disabled by the client.\
Go to Settings > Advanced to enable it')
return
...
This is a great idea. I think it should also apply to workspaces since that can also allow 'the cloud' to run code on the local device even if it's a bit more roundabout. I think things on the technical side are in a decently secure state right now (the app should only be trusting stuff coming from a secure connection to ballistica.net) but it would be good to guard against social engineering sort of attacks too. ("hey stranger; log in with this username/password and check out my cool mods!")
Maybe the app can keep a list of which account ids are 'trusted' and pop up a big scary allow/disallow dialog before allowing cloud-console commands or workspace syncing from a not-yet-trusted account-id?.. or any thoughts on a better mechanism?
