I have a security question, I will try to explain to the best of my ability, but I am quite a novice in security matters.
I have an multiplayer online game, with a dedicated server. And I would like players to send me a simple godot exported scene, with a node containing a 3d object (.obj).
That scene, I would send it to the other players to load in their session.
The question I have is that this circuit may have security problems. Could malicious code be injected into the scene? From what I understand, in the .obj, if I control its load, if they inject code I can block it. But in a scene file I don't know.
Of course, I would control that the scene does not contain any other node or script, that is not for example a Spatial node, with an .obj object and a texture for example. If I didn't meet that requirement, I wouldn't send it to the players.
And in the event that it was a more complex scene? for example with some lights or something. Always considering the scene without scripts.