Security risk with Binary Formatter

Using BinaryFormatter is NOT recommended because it has potential security risks, which you can read about in the official Microsoft documentation:

I personally think this should be very clearly and explicitly stated within the video.

Thankfully I have seen that @Brian_Trotter has created a tutorial that expands upon this saving system that converts it into JSON which I will be following after completing the RPG course.

Link to his tutorial:

2 Likes

I saw this topic and had already copied the address to my Json Saving system, and I see you’ve already cleverly linked it.

I’ve been waiting for official publication of this to work out kinks (what you see now is the 3rd revision of the system). I do think it’s ready, though, so likely this will be in the form of an addendum at the end of the Saving System sections.

For the purposes of prototyping, before you’re shipping the game out to others (that’s the point where we lose control of the save file), the BinaryFormatter is, while not ideal, not terribly dangerous. Once the game is published, and especially if you set up a system where the save file is served from the cloud, then the circle of trust is broken and BinaryFormatter isn’t safe. My Json system will not instantiate any classes when it’s decoded; that all must be done with RestoreState, so we have control over what we instantiate.

2 Likes

On the lower end of intermediate here, what exactly can happen in layman’s terms if a published game were to use the save system here? Is there a saving asset pack equivalent with the fixes for someone who isn’t advanced enough to follow this part of the course? When would there likely be an addendum to the section?

While the risk is relatively low, it is not non-existent.
A hacker could intercept the save file, say stored on an off-site server, and inject new data into the save file. Because of the way BinaryFormatter works, that data could be unwittingly used to embed viruses or trojans onto the system decoding the save file. Perhaps a keylogger that might then intercept keystrokes to get passwords… a virus to disrupt the machine… a back door to allow hackers to gain entry to the system and steal data…

For single-player games where the save file never leaves the player’s system, this risk is so trivial that it could be considered non-existent. The circle of trust is very small (that player’s computer), the file is never sent out onto the interwebs, and any malicious program that would be able to locate the file in the first place has already infected your system!

For multi-player games, or games that use cloud storage, the risk is much more significant. The good news is that by the time you’re ready to code cloud storage into your game, it’s likely you’ll understand my tutorial quite easily.
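The two loading approaches discussed in this thread, side by side, as an added example that is not code from the thread, the course or Brian's JSON system. It is written against plain .NET (System.Text.Json.Nodes, .NET 6 or later) rather than Unity's API, and the names ISaveable, PlayerHealth and SaveSystem are illustrative. The point it shows: with BinaryFormatter the file decides which types get constructed during Deserialize, whereas the JSON loader only walks objects the game already owns and hands each one a plain JSON node, so a tampered file can change values but can never cause a class to be instantiated.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text.Json.Nodes;

// Illustrative contract: every saveable game object captures its own state as a
// plain JSON node and restores it itself. The loader never picks a type from the file.
public interface ISaveable
{
    JsonNode CaptureState();
    void RestoreState(JsonNode state);
}

// Illustrative component (assumed name). Note that RestoreState validates the value
// before applying it: the worst a tampered file can do here is pick a number.
public sealed class PlayerHealth : ISaveable
{
    public float Health { get; private set; } = 100f;

    public JsonNode CaptureState() => JsonValue.Create(Health);

    public void RestoreState(JsonNode state)
    {
        if (state is JsonValue value && value.TryGetValue<float>(out float restored) && float.IsFinite(restored))
            Health = Math.Clamp(restored, 0f, 100f);
        // Anything else (an object, a string, NaN) is ignored rather than trusted.
    }
}

public static class SaveSystem
{
    // The risky shape: the bytes in the file name the types to construct, and
    // BinaryFormatter instantiates them while deserializing. Shown only for contrast.
    // .NET 8+ throws NotSupportedException here unless BinaryFormatter is explicitly re-enabled.
    public static Dictionary<string, object> LoadWithBinaryFormatter(string path)
    {
        using FileStream stream = File.Open(path, FileMode.Open);
        var formatter = new BinaryFormatter();
        return (Dictionary<string, object>)formatter.Deserialize(stream); // type choice comes from the file
    }

    // JSON save: one JSON property per entity id, holding whatever that entity captured.
    public static void SaveJson(string path, IReadOnlyDictionary<string, ISaveable> entities)
    {
        var root = new JsonObject();
        foreach (var (id, saveable) in entities)
            root[id] = saveable.CaptureState();
        File.WriteAllText(path, root.ToJsonString());
    }

    // JSON load: parse to a node tree (no type construction), then iterate the
    // game's own entities and let each RestoreState interpret its node.
    public static void LoadJson(string path, IReadOnlyDictionary<string, ISaveable> entities)
    {
        JsonNode parsed = JsonNode.Parse(File.ReadAllText(path));
        if (parsed is not JsonObject root)
            return; // not a save file we recognise; leave current state untouched

        foreach (var (id, saveable) in entities) // our objects drive the loop, not the file's keys
        {
            if (root.TryGetPropertyValue(id, out JsonNode state) && state != null)
                saveable.RestoreState(state);
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var entities = new Dictionary<string, ISaveable> { ["player"] = new PlayerHealth() };
        string path = Path.Combine(Path.GetTempPath(), "demo-save.json");

        SaveSystem.SaveJson(path, entities);

        // Constructed tampered file: an out-of-range health value and an extra entry
        // that tries to smuggle a type name. Neither can cause any class to be constructed.
        File.WriteAllText(path, "{\"player\": 1e9, \"intruder\": {\"$type\": \"whatever\"}}");
        SaveSystem.LoadJson(path, entities);

        Console.WriteLine(((PlayerHealth)entities["player"]).Health); // 100 after clamping
    }
}
```

The design choice that matters is in LoadJson: the loop runs over the entities the game registered, and the file is only consulted for the node matching each id, so unknown keys are never acted on and no type name in the file is ever honoured. The same shape works in Unity with Newtonsoft's JObject/JToken in place of JsonObject/JsonNode.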
