Hello there!
I’ve been programming a multiplayer game, which will be only a social game, where you run around, dress up your character and such. In order to determine who the player is and what inventory belongs to him or whatever, I have programmed a login function. To make it safe, I’ve made it so that the client sends his (MD5 encrypted) login data to the server, then the server calls a WWW function to a .php file, which checks if the given login data is correct (using a MySQL database).
Everything is pretty much working… Even the movement is getting updated and so do the animations.
BUT!!!
I’m only using RPCs to communicate between the client and server… I’ve now found out that you can actually run ANY code with ANY client on my server with an RPC, which pretty much sucks… Somebody could disconnect the server or do even worse things!
I’ve been searching over the net for help. I have indeed found several things, such as using Photon, but 1. they are expensive for me 2. I don’t have that much to secure after all! Something more basic should work, too! I don’t really care if anybody is running around with a speed hack or is teleporting himself, as long as they can’t fool the login validation. (Which I will call again if they want to modify the inventory.)
Well… then I’ve found this: Unity - Scripting API: MonoBehaviour.OnSerializeNetworkView(BitStream, NetworkMessageInfo)
If I understood the function right, it only sends variables across the network. Sounds pretty secure to me, if I would disable all RPCs by using Network.SetReceivingEnabled = false;
SO! My question is: “Is this secure?”… I know nothing is 100% secure, but is this secure enough to release a game where even real money is involved? If not, please feel free to suggest anything else that could make my game secure… I would even buy an asset that costs less than $50… as long as it can help me and isn’t time restricted.
Also, I would always be very happy if somebody adds me on Skype and discusses it through a live chat, instead of a forum such as this one.
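
One way to gate RPC handlers on the server with Unity's legacy networking, as an added example that is not the poster's code: the server records which `NetworkPlayer` passed the PHP login check and every later RPC is checked against `info.sender`. The class name, RPC names, `LoginUrl`, the form field names, the `"OK"` reply and `MaxItemId` are assumptions for illustration.

```csharp
using System.Collections;
using System.Collections.Generic;
using UnityEngine;

// Added example (hypothetical names). Attach to a GameObject that has a NetworkView.
public class ServerRpcGate : MonoBehaviour
{
    const string LoginUrl = "https://example.invalid/login.php"; // placeholder URL
    const int MaxItemId = 1000;                                  // constructed limit
    readonly HashSet<NetworkPlayer> authenticated = new HashSet<NetworkPlayer>();
    readonly Dictionary<NetworkPlayer, List<int>> inventory = new Dictionary<NetworkPlayer, List<int>>();

    [RPC]
    void Login(string user, string credential, NetworkMessageInfo info)
    {
        if (!Network.isServer) return; // only the server processes logins
        StartCoroutine(CheckLogin(user, credential, info.sender));
    }

    IEnumerator CheckLogin(string user, string credential, NetworkPlayer sender)
    {
        WWWForm form = new WWWForm();
        form.AddField("user", user);
        form.AddField("credential", credential);
        WWW www = new WWW(LoginUrl, form);
        yield return www;
        // Assumption: the PHP script replies with the literal text "OK" on success.
        if (string.IsNullOrEmpty(www.error) && www.text.Trim() == "OK")
            authenticated.Add(sender);
        else
            Network.CloseConnection(sender, true);
    }

    [RPC]
    void ChangeInventory(int itemId, NetworkMessageInfo info)
    {
        if (!Network.isServer) return;
        // Identity comes from info.sender (filled in by Unity), never from an argument.
        if (!authenticated.Contains(info.sender)) return;
        if (itemId < 0 || itemId >= MaxItemId) return; // validate every argument
        List<int> items;
        if (!inventory.TryGetValue(info.sender, out items)) inventory[info.sender] = items = new List<int>();
        items.Add(itemId);
    }

    void OnPlayerDisconnected(NetworkPlayer player)
    {
        authenticated.Remove(player); // drop the session when the connection ends
    }
}
```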