Hello Guys,
I’m developing a unity game and I ran into some security concerns about the database connection. I allready have a PHP script doing the authentication stuff, and while this keeps unauthorized users at distance, I’m unsure about the connected users. Because everyone is mentioning how easy it is to decompile a .NET solution, I would like to know: How do you verify an update? Right now my plan is to save the inventory/new loot at the end of a ‘mission’, because it’s correlent with the games design. So I’d like to update a string field (maybe a bit array or something else, but that’s not relevant right now) with my new inventory and add the new items to the main inventory in the database. With the PHP-Script I need to pass at least an id, the player assoziative id and the amount. So when anyone can decompile my game, the logical consequence is that they can simply call the functions on my script and cheat their inventory.
My question is now: How do I make the database connection secure against cheating?