WebRPC - how to send secure?

Options
Rusildo
Rusildo
in Photon Unity Networking (PUN)
The document says:
This can be done by setting the appropriate webflag (SendSecure = 0x02) when calling the WebRPC operation method from client code. https://doc.photonengine.com/en/realtime/current/reference/webrpc
How can I set this webflag?

Comments

  • JohnTube
    JohnTube ✭✭✭✭✭
    edited March 2016
    Options
    Hi @Rusildo,

    Currently WebFlags are not implemented client side, it will be available in the next update.
    However you can easily tweak OpWebRPC code to add this feature:
    you just need to send a byte parameter with key = ParameterCode.EventForward 234 and value = SendAuthCookie 0x02. Here is how:

    PhotonNetwork.cs
    before 
    public static bool WebRpc(string name, object parameters)
    {
        return networkingPeer.WebRpc(name, parameters);
    }
    after 
    public static bool WebRpc(string name, object parameters, bool sendAuthCookie = false)
    {
        return networkingPeer.WebRpc(name, parameters, sendAuthCookie);
    }
    NetworkingPeer.cs
    before 
    public bool WebRpc(string uriPath, object parameters)
    {
        Dictionary<byte, object> opParameters = new Dictionary<byte, object>();
        opParameters.Add(ParameterCode.UriPath, uriPath);
        opParameters.Add(ParameterCode.WebRpcParameters, parameters);
        return this.OpCustom(OperationCode.WebRpc, opParameters, true);
    }
    after 
    public bool WebRpc(string uriPath, object parameters, bool sendAuthCookie)
    {
        Dictionary<byte, object> opParameters = new Dictionary<byte, object>();
        opParameters.Add(ParameterCode.UriPath, uriPath);
        opParameters.Add(ParameterCode.WebRpcParameters, parameters);
        if (sendAuthCookie)
        {
            opParameters.Add(ParameterCode.EventForward, (byte)0x02);
        }
        return this.OpCustom(OperationCode.WebRpc, opParameters, true);
    }
  • juniordiscart
    juniordiscart
    Options
    Hi @JohnTube

    My apologies for reviving an old thread, but I have a question related to this as well.
    It seems that we still have to manually add your suggested code, as it is still not available in the newer versions of PUN? Not that this is much of a problem, just wondering whether this was a bit forgotten... ;)

    However, I have a question about sending data securely over a WebRPC call. What does the AuthCookie do? I assume that it forwards the AuthCookie assigned for that player at the server along with the WebRPC call when the PUN server receives the WebRPC call?

    But does this prevent a malicious player from sending a similar packet with adjusted values? Or are the WebRPC packets encrypted?
    For example: there's a tournament running in the game where a player sends his score to our webserver after finishing a matchup. Is the data protected from the player in the sense that he can monitor his packet stream, copy the packet, altering his score and sending the request again?
    If the packets are not secured, do you have any suggestions for securing the data in them?

    Kind regards and thanks!
  • JohnTube
    JohnTube ✭✭✭✭✭
    edited February 2017
    Options
    Hi @juniordiscart,

    AuthCookie is what you return from web service to Photon server in the custom authentication response.
    It will not be available from client.
    Yes the AuthCookie is encrypted.
    When you set AuthCookie web flag in WebRPC or some other operations that can forward webhooks, the AuthCookie of the respective player will be sent from Photon Server back to your web service to verify the identity of the player and make sure the origin of the request is Photon Server.

Cookies,
anyone?

We use cookies and related technologies to enhance your experience, show you personalised content and analyze performance and traffic on our website. By clicking on the „Accept All“ button you consent to the use of non-functional cookies and the subsequent processing of personal data to optimize our website and services as described in more detail in our Privacy and Cookie Policy.

By clicking on the „Customize or Deny all“ button you can decide otherwise. Clicking on the „Customize“ button will take you to a page where you can configure the usage of non-functional cookies (and related technologies) or deny all of them. You can access these settings at any time and also subsequently deselect cookies at any time in the footer area of our website.

ACCEPT ALL

Cookie Overview

We use the following categories of cookies and related technologies to enhance your experience, show you personalized content, and analyze performance and traffic on our website. We respect your right to privacy and accordingly you can chose to not allow some types of cookies (and related technologies). Click on the different category sliders and change our default settings to manage your cookie settings.

For more information on the specific cookies/related technologies we use and on how we use these, please see section 15 E. of our Privacy and Cookie Policy.

ABSOLUTELY NECESSARY

Authentication cookies we use are required to run our services … Cookies are required: Link

FUNCTIONAL AND MARKETING COOKIES

These cookies collect anonymous data and allow us to optimize our website and user experience. These cookies are listed here:

ANALYTICS

Help us to understand how visitors interact with our services, enables us to analyze and improve our services (also through third party analytics).