I’ve just discovered Panda3D and like the fact that everything can be scripted with python (well except shaders I guess). I have almost no experience in using languages like C, and nearly all my coding experience comes from scripting from sandbox game editors.
I would like to implement a way for end users to control certain aspects of a game by writing scripts. These scripts would provide some kind of data structure, but all function calls be restricted to a certain library. The end user should not be able to have any privileges (reading memory, writing files) outside to what is exclusively granted to them.
One way I was thinking is to import user-made python scripts after being filtered for illegal functions. Which brings up another question: how do I prevent users from cheating if they can simply edit the game code since it’s human readable? Can I compile the python scripts to bytecode and use a checksum?
There’s no reason to distribute human-readable code. Most people distribute byte-compiled code (e.g. pyc files) in one form or another. Still, that doesn’t mean people won’t be able to cheat, and at the end of the day, the only way to prevent cheating is to design your game so that it doesn’t matter what people do to the game code. Here’s an old thread on the topic:
This is actually very, very difficult to do in Python. The language itself is so powerful, that it is easy for a programmer to work around whatever safeguards you think you have put into place, and get access to the raw file I/O functions or just about anything you like. A better solution might be to design a limited language for the user to use for writing scripts, and write your own interpreter for that language. This is, of course, a lot more work than simply running Python code–it depends on how concerned you want to be about hackers.