Photon data flow and informational security

Hey!

We're making an application using PUN, but we need to take data security seriously so we can assure our customers that their sessions are completely private. Because of this, I need to understand exactly how the data flow in Photon is designed. So basically, a couple of questions:

1. If we use Photon Cloud as the master server, is some of the data synced directly between the users, does all the data travel through the master server, or how exactly does it work? I'm especially interested in knowing how this goes with Photon Voice.
2. If we choose to host our own master server, what do we need to do to ensure that sessions (rooms) remain completely private and self-contained? Is there any chance that people connected to the same master server might have access to a room they're not supposed to have access to? (We manually assign rooms based on online data.) Basically, we're debating whether, for proper information security, we would need to host a separate master server for all of our customers. That would get quite clunky to manage, so that's why I need this information.

Hoping for a proper answer. We really like your tech and how easy it is to use, but we need to know this before we can fully commit to it. Thanks in advance! :)

Comments

  • I am also interested in what data is relayed through the Photon server and what is not. Could someone from Exit Games please provide some under-the-hood information on this?

    In general, it would be great if there were some more detailed information available on how PUN works under the hood.
  • JohnTube
    edited March 2019
    Hi @iikka,

    Thank you for choosing Photon and sorry for the delay!

    Hi @jarileon,

    I will answer @iikka's questions and I think it also answers yours.

    ---

    1. Photon Server is always a relay: the client sends to the server, then the server sends to the client(s). Nothing is exchanged between clients directly. On the Master Server, clients can't even communicate with other clients at all. Clients can communicate only when joined to rooms on a Game Server. This is the case for PUN, Photon Realtime and Photon Voice, since they all use the same LoadBalancing server application and client API. Photon Chat has a different architecture, but clients also do not communicate with each other directly, only via Photon Server. Client-to-client direct communication is possible with Photon Bolt only, not in the other products.
    2. The Master Server keeps the list of rooms. The client can access that list of rooms in some cases. You can restrict access to the rooms list or their respective lobby data by creating private rooms and using a lobby that does not offer room listing. However, a client who has the room name can join it if the room is not full and not closed. You can make use of Expected Users (Slot Reservation) to make sure only clients with predefined UserIds can join a room. On the server side, e.g. with custom Game Server Plugins, you have more control over things.

    Read more about the LoadBalancing application here.
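
    What the answer above describes, as an added example that is not code from the original thread or from Exit Games: a PUN 2 script (C#) that joins or creates a room hidden from the lobby, reserves its slots for a fixed list of UserIds, and closes the room once they have all arrived. The room name and the UserIds are hypothetical placeholders for values the app's own backend would hand out after login.

```csharp
using Photon.Pun;
using Photon.Realtime;
using UnityEngine;

// Added example, not code from the thread or from Exit Games. Assumes PUN 2.
// The room name and the UserIds are hypothetical values that a real app would
// receive from its own backend after login.
public class PrivateSessionJoiner : MonoBehaviourPunCallbacks
{
    // A long random name issued by the backend: unguessable and never shown to users.
    private const string SessionRoomName = "session-7f3a9c2e4b1d";

    // The only UserIds allowed into this session (slot reservation).
    private static readonly string[] ExpectedUserIds = { "user-4a1f", "user-9e77", "user-c0d2" };

    public override void OnConnectedToMaster()
    {
        var options = new RoomOptions
        {
            MaxPlayers = (byte)ExpectedUserIds.Length, // no spare slot for anyone else
            IsVisible = false,    // hidden from lobby listings; NOT access control on its own
            IsOpen = true,        // closed below once every expected user has arrived
            PublishUserId = true, // members can check each other's UserId inside the room
            EmptyRoomTtl = 0,     // drop the room as soon as the last client leaves
        };

        // The fourth argument reserves one slot per UserId. Together with MaxPlayers
        // equal to the list length, a client with a different UserId is refused even
        // if it knows the room name.
        PhotonNetwork.JoinOrCreateRoom(SessionRoomName, options, TypedLobby.Default, ExpectedUserIds);
    }

    public override void OnJoinedRoom()
    {
        CloseRoomIfComplete();
    }

    public override void OnPlayerEnteredRoom(Player newPlayer)
    {
        CloseRoomIfComplete();
    }

    // Second barrier: once everyone is in, close the room so membership no longer
    // depends on the room name staying secret. Only the master client may do this.
    private void CloseRoomIfComplete()
    {
        if (PhotonNetwork.IsMasterClient
            && PhotonNetwork.CurrentRoom.PlayerCount >= ExpectedUserIds.Length)
        {
            PhotonNetwork.CurrentRoom.IsOpen = false;
        }
    }

    public override void OnJoinRoomFailed(short returnCode, string message)
    {
        // Typical codes for a refused join: ErrorCode.GameFull, ErrorCode.GameClosed.
        Debug.LogWarning($"Join refused ({returnCode}): {message}");
    }
}
```

    Attach it to a scene object that has already called PhotonNetwork.ConnectUsingSettings(). The point to keep from the answer is that IsVisible only hides the room from listings; the refusal of unexpected clients comes from the slot reservation plus MaxPlayers, and closing the room afterwards removes the remaining dependence on the name not leaking.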

  • Hey!

    Thanks for taking the time to reply, as this information is very important for us.

    "On Master Server, clients can't even communicate with other clients at all. Clients can communicate only when joined to rooms on Game Server."

    So basically, when you're connected to just the Master Server, you don't know anything about any other client. Then once you've joined a room and are on a Game Server, all of the Photon Voice data is sent to the Game Server and then the Game Server sends it to all of the users in the same room?

    "The client can access that list of rooms in some cases. You can restrict access to rooms list or their respective lobby data by creating private rooms and using a lobby that does not offer rooms listing."

    This is the line of code we use for joining a room: PhotonNetwork.JoinOrCreateRoom(roomName, new RoomOptions { MaxPlayers = 20, IsVisible = false }, TypedLobby.Default);

    The "IsVisible = false" part should hide it from other users, yes? We don't ever have a public lobby visible. The way our app is set up is that you log on using your account details (not related to Photon at all, we have our own backend), and based on the data in those details you create a room or join an existing one if people with similar account data are already having a session. Even with this setup, do you think it'd be possible for someone to hack our app and somehow be able to fetch a list of all ongoing sessions and join a session they're not supposed to join?

    If you yourself had to make an application with proper informational security, would you be confident in this sort of a setup where all the users join the same master server, or would we need to host multiple master servers just to be safe?
  • JohnTube
    edited March 2019
    Hi @iikka,

    So basically when you're connected to just Master Server, you don't know anything about any other client.
    Using the FindFriends operation you can get information about a connected user using their UserId. This information can include the room name if the user is joined to one, even if it's invisible in the lobby. So if you have a valid UserId you can see when the user is online, whether or not they're joined to a room, and which room.

    you log on using your account details (not related to photon at all, we have our own backend)
    You can integrate that with Photon Custom Authentication.

    Even with this setup, do you think it'd be possible for someone to hack our app and somehow be able to fetch a list of all on-going sessions and joining a session they're not supposed to join?
    I don't think it's possible. Worst-case scenario: a hacker may get room names or UserIDs from another client if both are connected to the same network; a hacker can sniff packets and inspect them. But you can make this harder using encryption.

    I think it's safe to use a single master server if the user can't guess restricted room names or UserIDs.
    Of course, having multiple master servers is safer and better performance wise.
    And if you're going to self-host, you can make changes to the code to make sure you're even safer.
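
    A second added example (again not code from the thread or from Exit Games), following up on the Custom Authentication, FindFriends and encryption points in the answer above: the client-side wiring that hands the app's own login token to Photon so that the backend, not the client, issues the UserId; a FindFriends call that shows what a valid UserId reveals; and an encrypted event send. Assumes PUN 2. The session token, the event code and the UserIds are hypothetical.

```csharp
using System.Collections.Generic;
using ExitGames.Client.Photon;
using Photon.Pun;
using Photon.Realtime;
using UnityEngine;

// Added example, not code from the thread or from Exit Games. Assumes PUN 2.
// The session token, event code and UserIds are hypothetical values.
public class BackendAuthConnector : MonoBehaviourPunCallbacks
{
    private const byte SessionPayloadEvent = 1; // hypothetical event code

    // sessionToken: a short-lived token from the app's own login backend,
    // never the account password.
    public void ConnectWithBackendSession(string sessionToken)
    {
        var auth = new AuthenticationValues { AuthType = CustomAuthenticationType.Custom };
        // Photon forwards these parameters to the authentication URL configured in
        // the dashboard. The backend validates the token and replies with
        // {"ResultCode":1,"UserId":"user-4a1f"}; Photon then uses that UserId for the
        // session, so a client cannot choose its own UserId to impersonate someone.
        auth.AddAuthParameter("token", sessionToken);
        PhotonNetwork.AuthValues = auth;

        PhotonNetwork.ConnectUsingSettings();
    }

    public override void OnCustomAuthenticationFailed(string debugMessage)
    {
        // The backend returned a non-success ResultCode (or the request failed):
        // Photon refuses the connection, so there is no session at all.
        Debug.LogError("Backend rejected the session token: " + debugMessage);
    }

    public override void OnConnectedToMaster()
    {
        // Only valid while on the Master Server. With a valid UserId this reveals
        // online state and the room name, even for rooms created with
        // IsVisible = false, which is why UserIds should be random identifiers
        // from the backend rather than e-mail addresses or display names.
        PhotonNetwork.FindFriends(new[] { "user-9e77", "user-c0d2" });
    }

    public override void OnFriendListUpdate(List<FriendInfo> friendList)
    {
        foreach (var f in friendList)
        {
            Debug.Log($"{f.UserId}: online={f.IsOnline} inRoom={f.IsInRoom} room={f.Room}");
        }
    }

    // Encrypt an application-level event between this client and the Photon
    // server so that a sniffer on the same network sees neither the payload nor
    // any room or user identifiers it carries.
    public void SendSessionPayload(object payload)
    {
        var raiseOptions = new RaiseEventOptions { Receivers = ReceiverGroup.Others };
        var sendOptions = new SendOptions { Reliability = true, Encrypt = true };
        PhotonNetwork.RaiseEvent(SessionPayloadEvent, payload, raiseOptions, sendOptions);
    }
}
```

    The design choice worth noting: with Custom Authentication the room names and UserIds that the thread treats as the secret become values that only the backend produces, which is what makes the "can't guess restricted room names or UserIDs" condition in the answer something the app can actually enforce rather than hope for.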