Hello there.
I have uploaded the html5 game files to a private server. It is actually uploaded to a sub-directory. Now, I want the players to access only the index.html file but restrict them from opening any other files in the directory by accessing them through a URL. How can I achieve this using the .htaccess file? Or, is there any different method to achieve this for security reasons?
Let’s be honest, anyone who is an expert programmer or knows some tricks, can easily access the source code of the game and download its assets and other items or do something unnecessary. So, how can I protect my files and the server from potential threats if I am uploading the game into my own server?
You cannot.
The assets are not included in the build just for people to rip them, the game actually needs to download the images to display them 
As long as you want the image to be actually shown in the game, they must be present in a readable (& therefore copyable) shape or form.
As for the code, it is compiled from the events into optimized JavaScript code. That code is not easily human readable, it takes an expert in GDevelop code generation & JavaScript API, and even then it takes minutes to read out a single event.
3 Likes
Suppose, I have stored the game files in the “example.com/game/” directory and players can access the game through “example.com/game/index.html”.
General users don’t have any idea about this or they don’t care, they are just there to enjoy the game. But, let’s say, I have a png file called player.png and it is stored in the “example.com/game/player.png” directory.
Now, there comes a guy who changes the URL in the browser from “example.com/game/index.html” to “example.com/game/player.png” ; will he be able to access the file or will he be restricted to open the file?
One more question, do I need to upload the whole exported files from GDevelop into the server or just the index.html? I have uploaded the whole file there. If I upload just the index.html, will it fetch the game data that is stored from the third-party server, or let’s say, do I have to upload entire files into my own server?
One more question, let’s say, I uploaded entire files into my own server, but changed their permissions, maybe using htaccess or file permissions manually changed, to restrict them from general users access, let’s say, I restricted those files completely using some kind of methods, except for the index.html file allowing general public access to it, will it break the game or the game will still work? Like, I will setup rules in the server to restrict an anonymous person to visit the game file URL through the browser, but not restrict the index.html file, the game will still work through the index.html? Silly question but curious to know.
As I was saying, the images are not just there for people to rip them, bur necessary to be displayed by the game. Yes people can access your assets, no, you cannot prevent that in any way.
