Search Unity

Doubts about parsing data from an .xml file.

Discussion in 'Scripting' started by hedgeh0g, Sep 11, 2019.

  1. hedgeh0g

    hedgeh0g

    Joined:
    Jul 18, 2014
    Posts:
    58
    I see it is a common pratice to store any sort of data (characters' stats, level design and more) into .xml files and read them on runtime to use them. What I don't understand is: why?

    Where is the advantage in storing the character stats of your RPG game or the enemy waves of your shoot'em up game into an .xml file instead of a MonoBehaviour or whatever? I can see how you could serialize data to, I don't know, load the scene in Easy, Normal or Hard mode without creating three separate scenes, that's cool. But performance wise?

    Also, if you put everything into an .xml, can an external user easily manipulate these files?

    Any other advantages/disadvantages I should be aware of?

    Thanks in advance.
     
  2. Joe-Censored

    Joe-Censored

    Joined:
    Mar 26, 2013
    Posts:
    6,281
    Not just XML, but any flat file (text file) format. There's several reasons. You can update them without having to generate a new build. The computer you write them on doesn't even need Unity installed. They allow for relatively simple modding by the players themselves (yes someone else can modify these files, which is often the point of using this kind of file).

    Reading a text file is generally a one off trivial task, so performance is not something you're thinking about when choosing this type of file.
     
    hedgeh0g and Laperen like this.
  3. JeffDUnity3D

    JeffDUnity3D

    Unity Technologies

    Joined:
    May 2, 2017
    Posts:
    5,138
    Use JSON instead of XML these days!
     
    Kurt-Dekker likes this.
  4. Laperen

    Laperen

    Joined:
    Feb 1, 2016
    Posts:
    810
    @Joe-Censored already made the main points. Here's one from me:

    If the file stores dialogue, it allows for easy switching of languages when dealing with localisation. Each dialogue file can store dialogue of a given language, and you load in the relevant language file based on the player's chosen language preference. If the file is text based, you can pass the file to a translator to do the translation. The translator doesn't need your game or need to understand your story to do their job.
     
    Joe-Censored likes this.
  5. hedgeh0g

    hedgeh0g

    Joined:
    Jul 18, 2014
    Posts:
    58
    Suppose I don't want the players to modify my level design or character stats, should I keep hardcoding everything?
     
  6. csofranz

    csofranz

    Joined:
    Apr 29, 2017
    Posts:
    705
    What Kind of question is that? You are pre-supposing that
    1. the only way to protect your level/character against modification is hardcoding and
    2. hardcoding actually will protect your level/character agains modification
    Both are patently wrong. Any level or information that the computer can load is inherently hackable. The only question is how much effort are you willing to spend on securing your level rather than trying to make a good level.

    If you need to protect against casual modification (there is no way to protect against serious attempts) use a JSON, and hash the level/character with a secret key so you can easily see if the file was modified. Sure, a serious intruder will crack it quickly, but you'll block out the casual crackers and only spend a Minimum of time on this fools errand.

    There is no way to make a game (especially Unity-based) safe against cracking. Even server-based character info can be broken in to. Keep it simple, and make a good game instead. I've never seen a good game fail because of bad security.
     
  7. Joe-Censored

    Joe-Censored

    Joined:
    Mar 26, 2013
    Posts:
    6,281
    It it technically not possible to 100% prevent these kinds of modifications of local data, though you certainly can make it much more difficult. Using XML is just making it easier for them though, since using a well known file format means you're saving them the hassle of deciphering the structure of the file.

    Hard coding your data into the build only marginally raises the bar for attacking this data. The casual attempts or complete novices will probably be initially stopped, but not anyone with a moderate skill set and a bit of determination, and after they figure it out they can of course easily share their solution with the casual and novices.

    To really make this difficult, you're probably going to want to employ encryption, maybe completely custom file types, CRC checks, use IL2CPP, etc, but you do that and you only make it harder not impossible. All the code to decipher your data is included in your build, so you're handing the highly skilled the exact tool kit they need to defeat whatever you try.