securing a non-authoritative server?

mindlube
edited October 2013 in Photon Server
Hi all, I'm using Photon Server + Unity C# client to build a social multiplayer turn-based game. The server will be non-authoritative (to fit my existing game architecture, as well as for better scalability).

Any guidelines or rules for how to secure the non-authoritative server? By secure I mean anything to prevent people from spoofing or rigging the game just by connecting with a Photon client and sending forged operation requests?

One idea I had was to include a SHA checksum in an authentication step before the gameplay starts. The checksum would be generated from some stuff like the device + user + salt.

That would hopefully make it rather inconvenient to spoof the custom operation requests. However, someone could still decompile the .NET code and learn what it's doing :(
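One concrete shape the "checksum before gameplay" idea can take, as an added C# example that is not the poster's code and does not use Photon's API: after login the server hands the client a random per-session key, and every custom operation request then carries a strictly increasing sequence number plus an HMAC-SHA256 tag over (session id, sequence number, operation code, canonicalised parameters). The server verifies the tag and rejects replays before any game logic runs. The names `OperationSigner`, `SessionState`, the session id `sess-42`, opcode 10 and the parameters are all hypothetical; the example assumes the key can be delivered over a connection that is already protected, and it keeps the limitation the post already points out: the key sits in client memory, so a decompiled or hooked client can still sign whatever it wants. What it stops is the attacker who connects with a stock client and sends forged or replayed operations without the key.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical request-signing helper (added example, not Photon's API).
// Both client and server compute HMAC-SHA256 over the same canonical bytes.
public static class OperationSigner
{
    // Canonical byte string: fixed field order and sorted parameter keys,
    // so client and server hash exactly the same bytes.
    public static byte[] Canonical(string sessionId, long seq, byte opCode,
                                   IDictionary<byte, string> parameters)
    {
        var sb = new StringBuilder();
        sb.Append(sessionId).Append('\n').Append(seq).Append('\n').Append(opCode);
        foreach (var kv in new SortedDictionary<byte, string>(parameters))
            sb.Append('\n').Append(kv.Key).Append('=').Append(kv.Value);
        return Encoding.UTF8.GetBytes(sb.ToString());
    }

    public static byte[] Sign(byte[] sessionKey, string sessionId, long seq, byte opCode,
                              IDictionary<byte, string> parameters)
    {
        using (var mac = new HMACSHA256(sessionKey))
            return mac.ComputeHash(Canonical(sessionId, seq, opCode, parameters));
    }

    // Constant-time comparison so a wrong tag does not leak how many bytes matched.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

// Server-side per-session state: the session key and the last accepted sequence number.
public sealed class SessionState
{
    public readonly string SessionId;
    public readonly byte[] Key;
    private long lastSeq;

    public SessionState(string sessionId, byte[] key) { SessionId = sessionId; Key = key; }

    // Returns true only for a request with a fresh sequence number and a valid tag.
    public bool Accept(long seq, byte opCode, IDictionary<byte, string> parameters, byte[] tag)
    {
        if (seq <= lastSeq) return false;   // replayed or reordered request
        byte[] expected = OperationSigner.Sign(Key, SessionId, seq, opCode, parameters);
        if (!OperationSigner.FixedTimeEquals(expected, tag)) return false; // forged or tampered
        lastSeq = seq;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Server issues a random 32-byte key at login (constructed sample session id).
        var key = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(key);
        var server = new SessionState("sess-42", key);

        // Client sends hypothetical op 10 ("SubmitMove"), seq 1, with two parameters.
        var p = new Dictionary<byte, string> { { 1, "e2e4" }, { 2, "3" } };
        byte[] tag = OperationSigner.Sign(key, "sess-42", 1, 10, p);
        Console.WriteLine("legit request accepted: " + server.Accept(1, 10, p, tag));

        // Attacker replays the captured request: same seq, fails the lastSeq check.
        Console.WriteLine("replay accepted: " + server.Accept(1, 10, p, tag));

        // Attacker bumps seq and edits a parameter but reuses the old tag: HMAC mismatch.
        var tampered = new Dictionary<byte, string> { { 1, "e2e4" }, { 2, "99" } };
        Console.WriteLine("tampered accepted: " + server.Accept(2, 10, tampered, tag));
    }
}
```

Because the tag covers the canonical form, both sides must serialise the operation parameters identically; the example uses `byte -> string` maps for that reason, so a real integration would have to convert whatever parameter types the client actually sends into a fixed string encoding before hashing.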

Comments

  • You can't do unspoofable security on the client side only. This isn't exclusive to Photon, it's just impossible.
  • Thanks, yep, of course by definition it's non-authoritative. But tautology aside, there are definitely things that can be done to make life *difficult* for those who might try to spoof or cheat. Just looking for ideas along those lines.