Doubts about parsing data from an .xml file.

I see it is a common pratice to store any sort of data (characters' stats, level design and more) into .xml files and read them on runtime to use them. What I don't understand is: why?

Where is the advantage in storing the character stats of your RPG game or the enemy waves of your shoot'em up game into an .xml file instead of a MonoBehaviour or whatever? I can see how you could serialize data to, I don't know, load the scene in Easy, Normal or Hard mode without creating three separate scenes, that's cool. But performance wise?

Also, if you put everything into an .xml, can an external user easily manipulate these files?

Any other advantages/disadvantages I should be aware of?

Thanks in advance.

 

Not just XML, but any flat file (text file) format. There's several reasons. You can update them without having to generate a new build. The computer you write them on doesn't even need Unity installed. They allow for relatively simple modding by the players themselves (yes someone else can modify these files, which is often the point of using this kind of file).

Reading a text file is generally a one off trivial task, so performance is not something you're thinking about when choosing this type of file.

 

Use JSON instead of XML these days!

 

@Joe-Censored already made the main points. Here's one from me:

If the file stores dialogue, it allows for easy switching of languages when dealing with localisation. Each dialogue file can store dialogue of a given language, and you load in the relevant language file based on the player's chosen language preference. If the file is text based, you can pass the file to a translator to do the translation. The translator doesn't need your game or need to understand your story to do their job.

 

Suppose I don't want the players to modify my level design or character stats, should I keep hardcoding everything?

 

What Kind of question is that? You are pre-supposing that

1. the only way to protect your level/character against modification is hardcoding and
2. hardcoding actually will protect your level/character agains modification

Both are patently wrong. Any level or information that the computer can load is inherently hackable. The only question is how much effort are you willing to spend on securing your level rather than trying to make a good level.

If you need to protect against casual modification (there is no way to protect against serious attempts) use a JSON, and hash the level/character with a secret key so you can easily see if the file was modified. Sure, a serious intruder will crack it quickly, but you'll block out the casual crackers and only spend a Minimum of time on this fools errand.

There is no way to make a game (especially Unity-based) safe against cracking. Even server-based character info can be broken in to. Keep it simple, and make a good game instead. I've never seen a good game fail because of bad security.

 

It it technically not possible to 100% prevent these kinds of modifications of local data, though you certainly can make it much more difficult. Using XML is just making it easier for them though, since using a well known file format means you're saving them the hassle of deciphering the structure of the file.

Hard coding your data into the build only marginally raises the bar for attacking this data. The casual attempts or complete novices will probably be initially stopped, but not anyone with a moderate skill set and a bit of determination, and after they figure it out they can of course easily share their solution with the casual and novices.

To really make this difficult, you're probably going to want to employ encryption, maybe completely custom file types, CRC checks, use IL2CPP, etc, but you do that and you only make it harder not impossible. All the code to decipher your data is included in your build, so you're handing the highly skilled the exact tool kit they need to defeat whatever you try.