… and we all know one of those managers to say ‘no’ despite it all.
how many times have managers, despite better knowing developers saying otherwise, refused to listen? how many companies have done acts or created policies that do nothing but hurt their customer base?
maybe there are security holes that could get opened by it… maybe its perfectly safe and perfect and it can be secured and sealed seamlessly. or maybe, just maybe, despite the latter part, the people in power say ‘no’ and thats the end of it?
and on the other hand, a security hole could be as obscure as can be. let say if you load this script, it parses this variable at exactly this point which makes a wait function wait for 0 seconds and makes the server process a infinite loop. do it about a hundred times and you got the server slowed down to a crawl. this is me just making stuff up out of the top of my head.
im no professional programmer or game developer… i do it for a hobby, and i have little experience with handling malicious user data and protecting against it.
however, i have read many stories how a company (with a team of professional ITs) have had a security breach with a very obscure bug. twitter had its self tweeting tweet for example, and Linux has had a number of its own exploits. heck, Specter and Meltdown are exploits that affect your processor on the hardware level, and have been found working on nearly every processor used today, till the processors way back when we ran dos.
those are all extreme cases… point is, it doesn’t seem so easy to just ‘filter’ it all out. currently, the workshop holds your hand in every single way. you cant type in your own functions, you cant enter your own values, heck you cant even write your own strings. all you can do is press a button, ask the workshop to write a certain value into it, which it checks against known limits, and corrects if it gets exceeded.
if text import and export is a thing, then the workshop loses that control. it no longer holds your hand, and it now has to deal with a pile of data at once. one wrong move or one obscure bug might slip in, and expose the public servers to anything from the most harmless of glitches to deep exploits that can give security breaches.
yes, for a professional developer, game designer or just a more expirienced programmer, you might think you know a flawless way to quarantine it all, but to a manager, it sounds risky, and its better not to sway the odds. the servers for overwatch were never designed with scripting in mind, and thus are more vulnerable than games that have modding capabilities built into them