Hi, I have some newb questions about external scripts before attempting to dive in:
-Can an external script be accessed in my code just like any other script in my project? (Can my code read/set its variables etc)
-Can the external scripts be modified in any way by the end user (I want my external script to be a fairly secure piece of code that Playcanvas users can use, but can’t actually edit themselves.).
-If so is there some way I can prevent users modifying variables in the external script?
Generally, yes. There may be some nuance here but JS files can be attached to the page in many different ways.
Depends on what you mean by ‘modify’.
Where are you storing them for hosting? If the user doesn’t have write access, the file on the server/host can’t be modified. However, it doesn’t stop the user from adding/modifying code on the webpage on their local browser.
It’s very difficult. There are obfuscators like this https://obfuscator.io/ that can make it as hard as possible for a user to modify the code/app locally in the browser but not impossible.
Cheers. My client wants to do some calculations from the game during runtime and send them to their server. I just don’t want those calculations to be modified ‘easily’ by a Playcanvas user before they get sent. I want the data to be sent to be unmodified.
Only if they know how the values are applied to the calculation. I’m not sure what the app is but there could also be some sort of validation data that is hard to do by hand (eg moves for a game) and the server can validate it on its end.