# ResourceLoader and ResourceSaver security


novel lintel

I've been trying to implement save systems for a creature collector RPG. Each creature would be its own .tres that comes from a class that extends Resource.

I've heard a lot of things about how using resources to save is insecure due to the ability to run additional malicious script if the files are tampered with, and to use encrypted JSON or other secure methods.

My question is, does anybody have any thorough tutorials on how to save and load objects/resources in Godot? I don't mean barebones how to save a position.x and position.y in a JSON because I know that much. I want to know how resources can be saved and loaded through JSON without any security concerns, or if there is a secure way to use ResourceSaver and ResourceLoader.

Or, if you have personal experience with save systems, do you just use those functions without doing anything special? At this point, I just want to know what I should do to keep my project moving forward.

summer orchid

The problem with resources is also what makes them so handy: they can include scripts that can be executed directly, instead of being raw data like JSON.

Inspired by your question I did a bit of research because this is a relevant question for my project as well. I found this interesting GitHub issue: https://github.com/godotengine/godot-proposals/issues/4925

You could for example strip the ability to include scripts in resource files, this is the approach used in this addon: https://godotengine.org/asset-library/asset/2249

If you choose to go for JSON instead, you pretty much just have to load your data and insert a few ifs to check if it's the data you're expecting.

I know you asked for a thorough tutorial, so I apologize if this isn't a satisfying reply 🙂
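
Added example, not part of either post above: a sketch of the JSON route with the "few ifs" written out, so that a creature is rebuilt in code from validated plain values and the save file never names a script or resource path. It assumes Godot 4; `CreatureSave`, the inner `Creature` class, its fields, the species list and the limits are all hypothetical names and values.

```gdscript
# Added example (Godot 4 assumed). All names and limits here are hypothetical.
class_name CreatureSave
extends RefCounted

class Creature extends Resource:
	var species: String
	var nickname: String
	var level: int

const KNOWN_SPECIES := ["sproutling", "emberfox", "tidecrab"]  # constructed allow-list
const MAX_LEVEL := 100
const MAX_NAME_LEN := 24

# Write only plain data: no script, class or resource path goes into the file.
static func save_creature(path: String, c: Creature) -> bool:
	var f := FileAccess.open(path, FileAccess.WRITE)
	if f == null:
		return false
	f.store_string(JSON.stringify(
		{"species": c.species, "nickname": c.nickname, "level": c.level}))
	return true

# Returns null unless the parsed value has exactly the expected shape.
static func from_dict(data: Variant) -> Creature:
	if typeof(data) != TYPE_DICTIONARY:
		return null
	var d: Dictionary = data
	if typeof(d.get("species")) != TYPE_STRING or not KNOWN_SPECIES.has(d["species"]):
		return null
	if typeof(d.get("nickname")) != TYPE_STRING or d["nickname"].length() > MAX_NAME_LEN:
		return null
	# JSON numbers arrive as float; require a whole number inside the range.
	if typeof(d.get("level")) != TYPE_FLOAT:
		return null
	var level: float = d["level"]
	if level != floorf(level) or level < 1 or level > MAX_LEVEL:
		return null
	# The object is constructed here, by game code, from checked values only.
	var c := Creature.new()
	c.species = d["species"]
	c.nickname = d["nickname"]
	c.level = int(level)
	return c

static func load_creature(path: String) -> Creature:
	if not FileAccess.file_exists(path):
		return null
	# JSON.parse_string returns null on malformed input; from_dict rejects that.
	return from_dict(JSON.parse_string(FileAccess.get_file_as_string(path)))
```

A caller treats a `null` result as a corrupt or tampered save and falls back to a default creature or an error screen instead of using partial data.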