Security

From HEWIKI
Jump to: navigation, search

What kind of security features exist?

Game play security requires that you implement your game mechanics properly: The Golden Rule: Never Trust the Client. Hacker detection, etc. are all features of your game-specific implementation. We, of course, will be happy to help you with guidance in this regard.

Please note that all remote calls from the client to the server can only be made to functions or methods which are marked with the modifer word Untrusted. This ensures that hacked clients cannot call just any server function. It is, however, important that the implementors of these functions ensure that they are properly safeguarded against hacking (parameter check everything!).

Client-side files are protected from accidental or malicious changes with two coordinated layers of HMAC-style signature verification. Username/password and other sensitive information bound for the AUTHENTICATOR becomes encrypted with a PKI-style key. The actual session between client and server can be protected with OpenSSL, when desired.

See also

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox