Hi Willem,

I have now added this limitation. A user cannot write more than 100 values to the registry for a given product, and each of these values can be no larger than 2048 bytes.

I think this is all I can do in terms of precautions. The rest just comes down to whether you trust a particular script writer's competence enough to run his or her code.

Kind regards,

Philip Bennefall
----- Original Message -----
From: "Willem Venter" <dwill...@gmail.com>
To: <phi...@blastbay.com>; "Gamers Discussion list" <gamers@audyssey.org>
Sent: Tuesday, November 22, 2011 12:01 AM
Subject: Re: [Audyssey] More BGT news


Hi Philip. Yes, imposing the limit of 100 values is a solution. I also
think you should warn users of a script about a script accessing the
registry as I would still not like keys floating around in my registry
from games I tried once.

I understand what you mean about the delete file command, but it is
harder to accidentally delete the wrong file. My concern is less for
malicious people and more for working with something they don't really
understand. A file is simple and localized to your script while the
registry is not. Even for your screen reader example, restarting the
system would still allow the screen reader to work, where many keys in
the registry would permanently slow down the system, even if they are
later removed.

Thank you.

On 11/21/11, Philip Bennefall <phi...@blastbay.com> wrote:
Hi Willem,

I can insert a limit of, say, 100 values for each game. Each value can be at
most 2048 bytes in length, which would mean that a script writer could not
store more than 200 kb in the registry. Would this solve the problem for
you?

I think though that no matter how you look at it, badly written code can
always cause more or less serious issues. I have screen reader support in
the engine where you can interrupt and stop the speech, and if someone wrote an infinite loop accidentally that kept stopping the speech it might be hard
to shut that program down. Does this mean we should not have screen reader
support? You can also delete files with the file_delete function. Again,
something else that could be abused. There just comes a point where you need to decide whether or not you trust the writer of the game enough to subject
your computer to their code, which is true of any game or software
application. It is hard for me as the engine designer to prevent people
from, intentionally or unintentionally, writing code that may be harmful in
one way or another. But I will certainly do as much as I possibly can to
make it more unlikely to occur, including limiting registry access if people
feel it is necessary.

Kind regards,

Philip Bennefall
----- Original Message -----
From: "Willem Venter" <dwill...@gmail.com>
To: "Gamers Discussion list" <gamers@audyssey.org>
Sent: Monday, November 21, 2011 7:36 PM
Subject: Re: [Audyssey] More BGT news


Hi Thomas. Many games are just scripts you run, so there is no
installer or uninstaller.
While I'm not sure if there is a limit on how many keys a game may
create, not having one is dangerous. Just imagine a program going into
an infinite loop while writing values to the registry on each
iteration. This can happen by writing while instead of if.

It would be totally reliant on the developer to provide an installer
that knows how to remove every key their bgt script created, whereas
a settings file harms no one even if it is a few MB. The registry is
something that needs to be used with lots of care, even though it is
easy to do.

On 11/21/11, Thomas Ward <thomasward1...@gmail.com> wrote:
Hi Willem,

Which are all valid points. However, as Philip mentioned he has put
restrictions in BGT to keep novice BGT developers from dumping 1000000
2048 KB of values into the registry. So it sounds like Philip is aware
of the issues and is taking steps to minimize any risk of someone over
using and abusing the registry as you described.

As far as removing keys I haven't looked but it stands to reason if
BGT can create registry keys and set registry values that there should
be wrapper functions for deleting them as well. In C++ the functions
to do this are RegDeleteKeyEx and RegDeleteValueEx. If BGT has wrapper
functions for those registry functions someone can add an option to
delete keys prior to the uninstallation of the game.

Cheers!


On 11/21/11, Willem Venter <dwill...@gmail.com> wrote:
Philip, I understand your decision to include it completely, though I
still can't say I agree. Still if your paying customers request it, it
is understandable.

Kai, I did not question registry support because it was redundant. I
questioned it because Microsoft's principles from which they built the
registry are flawed and dangerous. This could lead to unhappy users of
bgt games where someone for example decided to (accidentally?) dump
1000000 2048 kb values into a registry that usually has a size < 10mb.
This would have an effect on the whole operating system of the user.
There is also no way to control the automatic removal of these keys if
a user deletes the bgt script. To my mind it just didn't seem worth
the extra effort for no gain and a big risk.



---
Gamers mailing list __ Gamers@audyssey.org
If you want to leave the list, send E-mail to
gamers-unsubscr...@audyssey.org.
You can make changes or update your subscription via the web, at
http://mail.audyssey.org/mailman/listinfo/gamers_audyssey.org.
All messages are archived and can be searched and read at
http://www.mail-archive.com/gamers@audyssey.org.
If you have any questions or concerns regarding the management of the
list,
please send E-mail to gamers-ow...@audyssey.org.
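
The limits Philip describes (100 values per product, 2048 bytes per value) applied to the runaway loop Willem describes, as an added example that is not part of the thread and is not BGT's code. It is a Python model in which an in-memory dict stands in for the registry; `QuotaRegistry`, `QuotaExceeded` and `runaway_script` are hypothetical names.

```python
# Added example: a per-product quota in front of a registry-like store.
# The dict backend stands in for the real registry; all names are hypothetical.

MAX_VALUES = 100         # limit from the thread: values per product
MAX_VALUE_BYTES = 2048   # limit from the thread: bytes per value


class QuotaExceeded(Exception):
    """Raised when a write would break the per-product limits."""


class QuotaRegistry:
    def __init__(self):
        self._products = {}  # product name -> {value name: bytes}

    def write(self, product, name, data):
        if isinstance(data, str):
            data = data.encode("utf-8")  # count encoded bytes, not characters
        if len(data) > MAX_VALUE_BYTES:
            raise QuotaExceeded(f"{name}: {len(data)} bytes > {MAX_VALUE_BYTES}")
        values = self._products.setdefault(product, {})
        # Overwriting an existing value does not consume a new slot.
        if name not in values and len(values) >= MAX_VALUES:
            raise QuotaExceeded(f"{product}: already holds {MAX_VALUES} values")
        values[name] = data

    def delete(self, product, name):
        """Remove one value, freeing its slot; returns True if it existed."""
        return self._products.get(product, {}).pop(name, None) is not None

    def purge(self, product):
        """Remove everything a product wrote (the uninstall case); returns count."""
        return len(self._products.pop(product, {}))

    def usage(self, product):
        values = self._products.get(product, {})
        return len(values), sum(len(v) for v in values.values())


def runaway_script(reg, product="demo_game"):
    """Constructed bug: 'while' where 'if' was meant, writing a new value each pass."""
    i = 0
    try:
        while True:
            reg.write(product, f"score_{i}", b"x" * MAX_VALUE_BYTES)
            i += 1
    except QuotaExceeded:
        pass
    return reg.usage(product)
```

The runaway loop stops at 100 values and 204800 bytes, the 200 kb ceiling mentioned in the thread, and `purge` removes everything one product wrote in a single call.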

