Topic: File I/O Plugin?

[RickJ]

I thought there was a plugin that would allow file write to any path and to do other OS things? I have searched the forums and have come up empty.  Anyone know of anything that may be helpful or interested in collaborating on a new plugin?

[Deu2000]

Have you searched in the manual? http://www.adventuregamestudio.co.uk/manual/File%20functions%20and%20properties.htm

[Crimson Wizard]

RickJ just got RTFM note

Have you searched in the manual? http://www.adventuregamestudio.co.uk/manual/File%20functions%20and%20properties.htm

Those functions do not let write to any path, just to certain folders.

IMPORTANT: If you open the file for writing, then you can ONLY work with files in the game directory. You CANNOT use a path, so any filename with "" or "/" in it will automatically be rejected, for security reasons.

 The only exception to this rule is the special tag $SAVEGAMEDIR$, which allows you to access files in the save game directory. This is especially important with the move to Windows Vista, in which you may not have access to the main game folder. You can use the $SAVEGAMEDIR$ tag to write and read files from the current Saved Game directory, which will always be writable. An example is below.

[RickJ]

I read the manual and know about that imitation very well.  I did ask about a "plugin" didn't I.   I have such a plugin but it was written some 10 years ago and don't have the source for it.  I don't know if it still works or not or not.  I thought there was some discussion about this a while ago and that perhaps something came of it or if not, perhaps someone may have a similar interest. 

If you can't reply without being an ASS then please just move along!   

So if there us anyone interested in collaborating on an OS plugin that would make file access and other OS functions available via AGS script please get in touch.

[DoorKnobHandle]

The problem with a plugin like this, and I've mentioned this somewhere before, is that it's a huge security liability. If you allow game creators to write files to anywhere on the hard-drive, they can easily create malware using AGS. That's the reason why AGS is limited to writing to its own directory, that way you KNOW that any AGS game that you download is at least never going to mess anything up as far as your computer and OS is concerned, no matter how bad it might or might not be. :p

[JJS]

You can never be sure what a plugin does. Also the "write everywhere" could be achieved by writing the file to an accessible directory and then using the ags_shell plugin to copy it to the final location. Since that plugin can run any command it is already such a big security risk that the risk added with this plugin wouldn't matter imho.

E: If run with standard user permissions, the plugin should not be able to destroy the operating system. Destroying user data is possible of course.

[DoorKnobHandle]

There's certainly a security problem in the sense that plugins can already contain malicious code. But with plugins, especially ones that have already been tested by the community and, more importantly, are made by people with established names and history around here, you can be reasonably sure not to run into problems. The danger multiplies greatly, however, when you give the game authors (who will, as opposed to the plugin authors, oftentimes not be familiar or integrated in the community, or use a fake account) easy access to mess with the data on your hard-drive. That's what I'd be extremely careful about and I know that CJ justified the decision to limit the file handling in AGS to its own directory for the same reason.

[RickJ]

@dkh, thanks for your thoughtful replay.

I am familiar with the security concern as it has been debated on the past decade many times. While there is some merit to this point of view, IMHO, this an obstacle only to 14yr script kiddies.  Anyone with a little programming skill could make a malicious plugin or engine hack and do far worse.  The more recent versions of windows do not allow unfettered writing to folders containing OS and program files without a password anyway.   

In any case, none of this is relevant to my current application of AGS.  I have a need for the functionality and wanted to know if anyone has done any similar work or has any such interest before I go off re-inventing the wheel.

@JJS:  ags_shell sounds like it is part of what I am looking for.  I'll go check it out.   Thanks

I think a bigger security concern ought to be the possibility of someone infesting the AGS engine/editor with malware so that every game produced would be a Typhoid Mary.  We don't have in place a formal process or procedure for detecting this kind of thing do we?