Can we prevent users from changing .ini config files

You can encrypt Pak ini files in project settings if that’s what you’re looking for.

Is there an easy way to prevent users from changing some or all parameters from the .ini config files?
The reason behind this is to make sure no user can cheat by simply changing those files.

Thanks for your answer. The issue with this option is that it encrypts all ini files. It would be nice to have the possibility to disable specific .ini files (Engine.ini for example), while keeping others as it is. But seems like this is not doable at the moment.

I’ve tried this, but it doesn’t prevent players from changing the values by putting an plain .ini file in the game’s saved/config directory which will override the values in the pak, encrypted or not.

No matter what you do, you can unpack those encrypted files or hack the values either directly in the ini or in the game. There is no way to prevent that. You can consider any modifications to be allowed client side, let them hack all they want. If it’s a game played over the network then you need server side validation (protection), because the client will always be able to modify anything.

This is just a fact about computing (I mean, you’re right) but it doesn’t answer the question. It’s known that absolute protection is impossible.

I still need to prevent them from changing the values in a configuration file. If they go as far as to edit the game executable, decrypt the pak, or tamper with the RAM, that’s beyond my threat model. I just need people to not be able to drop an .ini file edit they found on a forum into %LOCALAPPDATA% and cause problems.

Basically, I only need to make it difficult.

These are settings that should only be changed by the development team. They’d be fine to hardcode, but this is a plugin and I can’t rely on any particular project structure.

1 Like

I don’t know if that is possible. You could include a hardcoded version number in your .ini file that is compared to your game version by the code reading that ini file. If there is a version mismatch (a user copying an old ini from a forum) you assert the code or reset the ini from code. You could also verify the data in the ini through your code and remove or upgrade any invalid / outdated data.

Perhaps the most messy cases of hijacking ini data (and people screwing up the engine) was with the Elder Scrolls and Fallout series in the past 20 years. All the same engine and people posting 30 lines of what would be optimizations or mod requirements. The engine never bothered to counter this though. I think if it failed to start up a few times it would just reset the inis (bug or feature, it’s Bethesda.). Such resets are not uncommon. I’ve even noticed them lately after NVIDIA driver updates, or big updates to game features (horizon zero dawn), my ingame graphics settings reset.