gZany in the to-do list it says to create a block against data-browser so im sure they're working on that

      Letti42 to my knowledge i have my own which fixes databrowsers issues along with allowing multiple connections to multiple tables through simple API requests, though that'll probably stay between the people i trust to use it

      not to mention that you can stop a gamelab or applab instance from running and rewrite modified code for it to execute in the following project, if your plan is to improve upon vault or add more features to such a project then go right ahead but know that your project will always be vulnerable with enough knowledge you can make what i did

        lol i had an idea
        what if u just mak a bajillion useless keyvalues
        var chars = 'abcdefghijklmnopqrstuvwxyz1234567890QWERTYUIOPASDFGHJKLZXCVBNM';
        var c = '';
        var r = '';
        for(var i = 0; i < random(6,6); i++){
        c+=chars[floor(random(0,chars.length-1))];
        }
        for(var j = 0; j < random(5,5); j++){
        for(var i = 0; i < random(5,5); i++){
        r+=chars[floor(random(0,chars.length-1))];
        }
        r+=r+' ';
        }
        if(random(0,1)>0.5){
        setKeyValue(r,random(0,1000000000));
        }else{
        setKeyValue(r,r+c);
        }
        ugliest code i have ever written but i threw it together in about 10 minutes
        run this in ur draw function for about a minute and the data browser users will never be annoyed

        Awards

        • Ⓒ 1 from Varrience
          Comment: when clear all exists

        gZany So in every project there are three main vulnerabilities: the debug console, the data browser, and the inspect console. The debug console is how most hackers on CDO do their thing. By using the built-in debugging tools in Game Lab, or manipulating the URL, you can change variables and even edit the source code locally (which makes the if (window.getURLPath()[3] == "view") code basically useless). Vault and Xenon both are designed to block this kind of hacking.

        The data browser can be blocked easily, but (as far as I know) not through code. So at the moment, Xenon is vulnerable to data browser attacks. As @Letti42 pointed out I am working to try to fix this, but I'm not sure if it's possible.

        Then there's the inspect console, which is a debugging tool built into your web browser. It has supreme power and is basically unstoppable.

            Binary_Coder it's not possible to block data browser with code.org because trying to set hte column makes it named column1 because of the way proto works

                because proto doesnt count as a string but its an object property which disapears when set

                redacted Interesting, that's what kept happening when I tried to make a new table. Thanks for confirming that.

                  Binary_Coder New views counter (this was Jibberjay's idea) evades the "this project stores data" warning, so you can track views on a project secretly.

                  Actually, very useful! Whenever the warning pops up it's not even a warning. Code.org might as well change the warning to say 'Please hack all of this project's data using this URL: data-browser.vercel.app'

                      gZany Exactly! The warning is just begging for hackers to come by and wipe your data, so a hidden views counter can be very useful. It also only logs the number of views to the console if you’re in the editor, so no one else can see it besides you.

                      MonsterYT_DaGamer It’s a neat trick Owokoyo came up with. The warning shows up only if it detects setKeyValue() in your code, so if you write the function name as a string and break it up as ”setKey” + “Value”, you can trick the program into thinking that setKeyValue() is never called. @Jibberjay realized this would be very handy for an “invisible” views counter and wrote most of the code for it. If this is something people are interested in, I could add functions to Xenon to get and set hidden key values.

                            Binary_Coder actually i had already implemented this in an older library i have to, thing is CDO uses regex on the project to figure out if setKeyValue or getKeyValue exists, by simply referencing the instance window with the array property manager you can reference any function without having to use the full property value thus allowing the bypass to work

                              Ok so I got some important news about the security library
                              The name has officially been change to Radon
                              Don't bother asking why

                                8 days later

                                Radon is finished! Here's the library ID: mILMRqN5JUzprsVSeETMmG-flKCQrwD1xnNqpBp5oE4. The library has been updated again to fix some minor issues and add data browser protection in Game Lab.

                                Radon.remix("id"); - Add in the channel id of your project, and anyone running a remix will be notified and given the original link.
                                Radon.remix("id", true, false); - All functions for using cloud data will be disabled on remixes.
                                Radon.remix("id", true, true); - All remixes will crash instantly.
                                Radon.log(); - Tracks the views on a project without launching a "this projects stores data" warning.
                                Radon.log(42) - If the counter is hacked, it can be reset to remember the last number of views.

                                Chat