Its me again with my bizarre forum posts. This time I want to discuss a huge security flaw with construct's multiplayer object, and the potential damage that can follow if the security flaw isn't fixed.

We all know that multiplayer can be used to send messages across different devices. That's the entire premise of the feature. However, despite its primary use being to transmit data packages across different devices to synchronize player characters and other game instances, it can also be used with malicious intent.

Take for instance, a fake game sent to a client PC. Multiplayer connects, and the host PC can now send remote code execution to the client PC via "broadcasting multiplayer messages", which when paired up with construct's built-in Javascript feature (that can be used to execute commands on a computer and interact with it in many ways,) creates one hell of a malware program.

Multiplayer can then be paired with other features of construct, such as geolocation and camera, making for an even more dangerous tool. With the recent addition of file transfers to the Multiplayer instance, construct can, and most likely will if placed in the wrong hands, be used for malicious intent as a remote access trojan.

And the cherry on top is that construct programs are trusted software. Essentially, this means that no antivirus will flag or even suspect a construct-exported application to be malware.

I dont know how this was overlooked, but it is a big, BIG security flaw that can cause severe damage to not only individual client PC's, but to the trust and reputation of Scirra. Please, take this message from a game developer and penetration tester and fix the multiplayer security flaws.

Thank you.

The platformer behavior is great with its many functions, but one issue that I see is momentum transferring. When the platformer behavior is set to "disabled" via events while the object under the influence of the behavior is moving, said object stops. Simple. Then, enabling the behavior again, a small bit of movement carries over from before the object's platformer was disabled.

This is a big issue for platforming games that rely on pixel-perfect platforming after preforming events which require platforming to be disabled (personal experience, this is why I'm writing it)

is there a way to implement a "stop" feature where any momentum gathered before is voided? If so, I'd appreciate either a fix or some help with making a makeshift momentum stopper.

Currently, the default construct signaling server of wss:\\multiplayer.construct.net creates a ton of lag, and I can't find a workaround to host my own. Anybody got solutions to this?

I'm making an antivirus in construct, via nwjs and generic javascript and some batch files. In most antiviruses or utility apps, closing the app via clicking on the close button of the window doesn't actually close it but hides it, only to be revealed once pressing the tray icon.

I've got the tray icon settled, but how do I override the close button?

Im making a game with many objects used as walls, so to optimize performance i need them to be a tilemap. However, no matter what I do the tiles wont erase with any method. Help would be appreciated!

Over my... what, 5 years of using construct throughout various accounts, two things always were of concern.

One: In-editor project search bar

Searching for object types and sounds in the projects tab using it's built-in search bar is undoubtedly a key feature and is very useful. However, when a developer doesn't clear the current searched text, adding a new object type will not make it appear in the layout at all, but does add it into the object types folder. Why this happens? No idea, but it is a bug that I believe should be fixed.

Two: Copyright on addons

A lot of websites with community-added files have copyright attributions, but construct's addons do not. This leaves me (and as I've seen, others), having to ask the owner of the addon whether or not it is attribution 4 or lower. This is just something I noticed, and could potentially prevent unwanted copyright strikes.

Jeez, I sounded quite nerdy there, but Construct Team, please do at least consider these features. Bye.

So i've made a game but i want it to be cross platform. I have zero experience with macs, so idk how to run the game after exporting for mac64 and mac64-arm using nwjs.

Help anyone?

Is it even possible in the first place? If so, then how? i don't see a way to do it at the moment. Any help would be appreciated.

Ive been thinking that some players may have made visual novels but have no idea where to put them on the arcade, as such genre doesnt exist there. Perhaps scirra could add a Visual Novel genre to the arcade?

i guess that does work. thanks!

I need a name for my B&W rouge-like game thats heavily related with void. any ideas, folks?

this looks like a game my friend would make

cute