AssetBundle 可以与您的游戏构建一起分发,但也可以从远程服务器下载。下载 AssetBundle 时,您应该采取预防措施以防止 AssetBundle 数据损坏以及恶意行为者的攻击。尽管 AssetBundle 不能包含可执行代码,但更改序列化数据可能允许攻击者利用游戏代码或 Unity 运行时中的漏洞。
UnityWebRequest 和 WWW 可用于从互联网下载并缓存 AssetBundle。使用这些系统时,您应该在 URL 中使用 HTTPS 协议。HTTP 并不安全,容易受到中间人恶意攻击。
在 AssetBundle 构建过程中将生成 32 位校验和。当您通过 AssetBundle 加载 API 提供此 CRC 时,加载系统会在加载之前计算 AssetBundle 的校验和。如果 AssetBundle 的 CRC 与提供的 CRC 不匹配,则不会加载 AssetBundle。检查 CRC 可确保 AssetBundle 数据在构建后未被损坏或篡改。
如果您允许用户上传分发给其他玩家的内容(用户生成的内容),则您有责任过滤此数据中的不当或恶意内容。我们不建议您让用户构建和上传二进制 AssetBundle 文件。最好让您的用户上传他们的源资源,并让您(开发人员)为他们构建 AssetBundle 二进制文件。这将使您更容易通过手动和自动流程过滤掉恶意或不适当的内容。如果您升级到更高的 Unity 版本,这样还可以让您根据需要重建 AssetBundle。
Did you find this page useful? Please give it a rating:
Thanks for rating this page!
What kind of problem would you like to report?
Thanks for letting us know! This page has been marked for review based on your feedback.
If you have time, you can provide more information to help us fix the problem faster.
Provide more information
You've told us this page needs code samples. If you'd like to help us further, you could provide a code sample, or tell us about what kind of code sample you'd like to see:
You've told us there are code samples on this page which don't work. If you know how to fix it, or have something better we could use instead, please let us know:
You've told us there is information missing from this page. Please tell us more about what's missing:
You've told us there is incorrect information on this page. If you know what we should change to make it correct, please tell us:
You've told us this page has unclear or confusing information. Please tell us more about what you found unclear or confusing, or let us know how we could make it clearer:
You've told us there is a spelling or grammar error on this page. Please tell us what's wrong:
You've told us this page has a problem. Please tell us more about what's wrong:
Thank you for helping to make the Unity documentation better!
Your feedback has been submitted as a ticket for our documentation team to review.
We are not able to reply to every ticket submitted.