Vetting The Source of RPCs

Options
vreference
vreference
edited August 2011 in Photon Server
I need to be able to trust, at the very least, the validity of the identity of a server-authorized (login/pass) peer. I assume this is already handled when a connection is established and a peer is created (The server is then keeping track of the identity of that peer) but my head is kind of swimming. Can I simply use an Actor's associated avatar.ID (server-side) for incoming operations and trust that it can't be spoofed so long as I don't actually trust information from operation parameters?

Hope this makes sense - not getting much sleep lately.

Comments

  • Tobias
    Tobias admin
    Options
    I think you should implement a "authorize" operation for a peer. This should verify a session id or username/password with some DB and could be called encrypted, if you want to. Until someone is authorized, deny critical operations for this client.
    After that, you can be pretty sure that the client is the same. We identify connections by the ip:port pairs (of client and server), so this is relatively safe. If anything security-related should be done, encrypt the operation - the exchanged keys make sure it's either the "right" client or it's refused (as not de-cipherable).

Cookies,
anyone?

We use cookies and related technologies to enhance your experience, show you personalised content and analyze performance and traffic on our website. By clicking on the „Accept All“ button you consent to the use of non-functional cookies and the subsequent processing of personal data to optimize our website and services as described in more detail in our Privacy and Cookie Policy.

By clicking on the „Customize or Deny all“ button you can decide otherwise. Clicking on the „Customize“ button will take you to a page where you can configure the usage of non-functional cookies (and related technologies) or deny all of them. You can access these settings at any time and also subsequently deselect cookies at any time in the footer area of our website.

ACCEPT ALL

Cookie Overview

We use the following categories of cookies and related technologies to enhance your experience, show you personalized content, and analyze performance and traffic on our website. We respect your right to privacy and accordingly you can chose to not allow some types of cookies (and related technologies). Click on the different category sliders and change our default settings to manage your cookie settings.

For more information on the specific cookies/related technologies we use and on how we use these, please see section 15 E. of our Privacy and Cookie Policy.

ABSOLUTELY NECESSARY

Authentication cookies we use are required to run our services … Cookies are required: Link

FUNCTIONAL AND MARKETING COOKIES

These cookies collect anonymous data and allow us to optimize our website and user experience. These cookies are listed here:

ANALYTICS

Help us to understand how visitors interact with our services, enables us to analyze and improve our services (also through third party analytics).