Question Serialization for game

ghostintheshell

New member
Joined
Nov 21, 2020
Messages
2
Programming Experience
1-3
Hello.
I want to serialize the data in the game to save it to disk and send it over the network, and I also need to support old versions (if new properties were added that were not in the serialized data, set the default values). Sending data over the BinaryFormatter is not secure. XML weighs a lot, and JSON does not support reference types (if there are multiple references to an object, then after deserialization they will be different objects).
I do not want to write a serialization and deserialization method for each object because it is difficult to support. Getting metadata using System.Reflection cannot guarantee the same order. Adding attributes to all properties also seems wrong. How to solve this?
 

Sheepings

Retired Programmer
Staff member
Joined
Sep 5, 2018
Messages
1,801
Location
UK
Programming Experience
10+
I want to serialize the data in the game to save it to disk and send it over the network, and I also need to support old versions (if new properties were added that were not in the serialized data, set the default values).
Ask anybody to read that and see if they understand what you are describing. Because I don't.

You come in mid sentence and start talking like we already know what you are doing.

I do not want to write a serialization and deserialization method for each object because it is difficult to support. Getting metadata using System.Reflection cannot guarantee the same order. Adding attributes to all properties also seems wrong. How to solve this?
Ehh jee Bob, maybe show us some of that code you are using, and explain the problem you are having in more elaborate and precise detail, and while you are at it, explain the code you have and the provocative problem you are facing which makes serialisation and deserialisation difficult.

It is my theory at this point that you have written some hideous classes and quite likely violated the SRP rule, and hence made it complicated to serialise and deserialise class objects for yourself.
 

ghostintheshell

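C#:
// Requires: using System.IO;
// Fields are written in a fixed order; Deserialize must read them back in the same order.
void Serialize(BinaryWriter writer)
{
    writer.Write(property1);      // int
    writer.Write(property2);      // short
    writer.Write(property3);      // bool
    writer.Write(refProperty.Id); // store the referenced object's Id, not the object itself
}

void Deserialize(BinaryReader reader)
{
    property1 = reader.ReadInt32();
    property2 = reader.ReadInt16();   // BinaryReader has no ReadShort()
    property3 = reader.ReadBoolean(); // BinaryReader has no ReadBool()
    refProperty = GetObjectById(reader.ReadInt32()); // resolve the reference by its Id
}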

It is my theory at this point that you have written some hideous classes and quite likely violated the SRP rule, and hence made it complicated to serialise and deserialise class objects for yourself.
Yes. It violated the SRP, and therefore it is one more reason not to write like this.
 

Skydiver

Staff member
Joined
Apr 6, 2019
Messages
2,135
Location
Chesapeake, VA
Programming Experience
10+
Sending data over the BinaryFormatter is not secure.
Can you explain what security issue you are having with the binary formatter? Are you talking about the typical Java (and C#) blind instantiation of an object from an "untrusted" source? If so, then you have to ensure that it is a trusted source: secure the stream end-to-end; add some kind of envelope which helps you validate that the data in the stream has not been tampered with; do some basic whitelisting of what kinds of objects can be serialized and deserialized from the stream; etc.
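
As an added example (not code from any poster in this thread), one way to combine the envelope idea above with the hand-written BinaryWriter approach and the version defaults asked for in the first post: an HMAC-SHA256 tag is verified before any field is parsed, and a version byte lets older data load with defaults. The `PlayerState` class, its fields, the packet layout and the shared key are assumptions; it needs .NET Core 3.0 or later (C# 8).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

// Added example: PlayerState, its fields and the key handling are hypothetical.
public sealed class PlayerState
{
    public int Score;
    public short Level;
    public bool Premium; // added in format version 2; version 1 data lacks it

    const byte CurrentVersion = 2;
    const int TagSize = 32; // HMAC-SHA256 output length in bytes

    // Envelope layout: [32-byte HMAC tag][version byte][fields in fixed order]
    public byte[] Seal(byte[] key)
    {
        using var ms = new MemoryStream();
        using (var w = new BinaryWriter(ms))
        {
            w.Write(CurrentVersion);
            w.Write(Score);
            w.Write(Level);
            w.Write(Premium);
        }
        byte[] body = ms.ToArray();
        using var hmac = new HMACSHA256(key);
        byte[] packet = new byte[TagSize + body.Length];
        hmac.ComputeHash(body).CopyTo(packet, 0);
        body.CopyTo(packet, TagSize);
        return packet;
    }

    public static PlayerState Open(byte[] packet, byte[] key)
    {
        if (packet.Length < TagSize + 1) throw new InvalidDataException("packet too short");
        using var hmac = new HMACSHA256(key);
        byte[] expected = hmac.ComputeHash(packet, TagSize, packet.Length - TagSize);
        // Constant-time comparison; tampered data is rejected before any field is parsed.
        if (!CryptographicOperations.FixedTimeEquals(expected, packet.AsSpan(0, TagSize)))
            throw new CryptographicException("envelope tag mismatch");
        using var r = new BinaryReader(new MemoryStream(packet, TagSize, packet.Length - TagSize));
        byte version = r.ReadByte();
        if (version < 1 || version > CurrentVersion) throw new InvalidDataException("unsupported version");
        var s = new PlayerState();
        s.Score = r.ReadInt32();
        s.Level = r.ReadInt16();
        s.Premium = version >= 2 ? r.ReadBoolean() : false; // default for version 1 data
        return s;
    }
}
```

The tag only proves that the sender held the key. A key shipped inside a game client can be recovered by the player, so this protects data in transit between parties that hold the key, not a local save file from its owner.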
 

Sheepings

That doesn't show us a lot about your predicament. It all comes down to constructing decent, well-structured classes to serve your purpose and meet your needs. Don't overcomplicate things. Where in the above code do you verify your data to ensure it hasn't been tampered with? How does your client communicate with its server or other data stream, via what means? As Skydiver is dropping tips with the envelope suggestion, you could consider such an envelope as encrypting your data. In the end, if you want your data to be "untampered", consider using anti-tamper libs instead, as there is no point reinventing the wheel. Also, what did you mean here, specifically the part in brackets:
XML weighs a lot, and JSON does not support reference types (if there are multiple references to an object, then after deserialization they will be different objects)
How would the object be different? An object is as it was first defined. Each instance may have different values, but they all have the same structure they were compiled with. It sounds like you've over-complicated whatever it is you're trying to do.
 