Cloud Console Opt in

[MatzE-sch]

first of all: thanks for the amazing game! Lots of fun :D
and thanks for the enormous mod friendliness.

Description

By default the game accepts code from the cloud. I think that's kind of scary. There is no need to have this enabled by default.
If I understand correctly, you have to trust the server. I think this is unnecessary.

Solution

in the settings > advanced window could be a checkbox to allow code from the cloud.
every mod developer can go this small extra step in my opinion

Alternatives

I see the great potential of this cloud modding / debugging feature and don't want it gone.

Additional context

some mockup code i imagine:

def cloud_console_exec(code: str) -> None:
    """Called by the cloud console to run code in the logic thread."""
    if not settings.enable_cloud_console:
        print('Cloud Console code is disabled by the client.\
        Go to Settings > Advanced to enable it')
        return
    ...

[efroemling]

This is a great idea. I think it should also apply to workspaces since that can also allow 'the cloud' to run code on the local device even if it's a bit more roundabout. I think things on the technical side are in a decently secure state right now (the app should only be trusting stuff coming from a secure connection to ballistica.net) but it would be good to guard against social engineering sort of attacks too. ("hey stranger; log in with this username/password and check out my cool mods!")

Maybe the app can keep a list of which account ids are 'trusted' and pop up a big scary allow/disallow dialog before allowing cloud-console commands or workspace syncing from a not-yet-trusted account-id?.. or any thoughts on a better mechanism?