[Suggestion] - Section for the best ways to secure your Godot application?

[girng]

I know there is a small portion in the official godot docs, but I think it would be relevant/beneficial in this repo as well. Maybe a section for tricks to "maximize the security" of your Godot app? For example, changing the XOR key before compiling adds one extra step the hacker has to do, etc.

Awesome repo btw, I'm learning a lot.

[waleed177]

I dont consider encrypting the game as security, in my opinion, security is only when protecting the user against others (including the developer). If its multiplayer, security should be server side (protecting the server from the client) and client-side (protecting the client from the server, i.e, no arbitrary code execution, etc..).

[nikitalita]

Your best option is probably to just encrypt the PAK, but the key is trivially recoverable from the EXE. We don't include instructions on how to do that, though, so it would protect from at least the most basic of RE attempts.

[manjaroman2]

The engine in open source, that's the problem
Game devs who want to secure their game need to modify the engine code.
The load_byte_code function is a good start, you can go lower modify the mbedtls library.