Could you teach how to protect the coins, inventories, player data, and critical game logic on the server to avoid fraud and manipulation by the players, where the client should only send requests and receive responses. And where validations are performed on the server for actions that involve player change such as currency transactions, obtaining and removing items in the inventory and validating all data to prevent manipulated data from being sent to the server. And logic could be implemented on the server to verify if the requested actions comply with the rules of the game before applying any change and also Secure User Authentication and Security: Uses secure authentication methods such as OAuth,. Please it would be a good tutorial saga for Godot online multiplayer if possible using nakama, you can make a 2d top down shooter or bomberman to implement those costs the store and inventory and the logic
Yes, I would like it too, so it is protected. Good and no one will be able to manipulate it since it will be validated on the server and if something goes wrong , fraud cannot be committed. Please, I also ask for this.
This is a really cool ideas, and I've been meaning to do a multiplayer or client/server long Godot tutorial for a while - so thanks for confirming it's a good idea! :) I don't know when I'll get enough time to dive into this big a project, but it's definitely on the top of my to-do list ;) Cheers!
@@Lansamatv client only sending what to do is what we call true authoritative server. But unfortunately it's only 100% feasible for games that are turn based or where ping is not that of importance. Any realtime mmo game needs client driven but server reconciliation and Authorization method. Where client tells the server where the character is going but server determines if the move is a valid move or not and updates for all other players
@vickylance Yes, that's true, but I say that at the end of the game, check if the rewards are correct or for the player or if they are not more than they should be and so on, in real time it should be updated, if not, check when starting the section, when entering and exiting the game. and when buying in the store too.
Is there a way to protect the password? Somewhere you need to save the password in code, and have the code in memory (accessed a lot), but still able to run the program - is the next level of securing quite a lot harder?
Passwords are in db so you will use something like bcrypt and a private key to encrypt and store in db which itself should ve authenticated db and use only secure tls everywhere
Heya to you both! So: - I think that @vickylance is thinking about typical user passwords here - indeed, in that case, you often store the user id info + their encrypted password in your app database (DB), and then to check identity later on you compare the stored value to the encrypted version of the current password test. - In games, you don't always have a DB, and in that case it's more of a "game password" than a "user password" :) To protect it, a good trick can be to use some environment file with variables that you load in your game at runtime... but ultimately, and that's the big crux of security, you only offset the probelm ;) From what I know, the safest course of action is to add "deviation layers" (i.e. for example have this extra environment file be encoded itself, and the key stored in another file somewhere else), and most importantly change at least the first chain of this encryption regularly (say once a week). (But again - someone who absolutely wants to hack your data will almost always be able to find a way... sorry for the not-so-reassuring conclusion, but it's important to keep that in mind ^^) Hope this helps, cheers! :)
Thank you so much for the nice comment and the sub! I'm glad you enjoyed the video :) And yup, multiplayer is definitely at the top of my to-do - now I need to get into the docs and understand the topic thoroughly enough to be able to remix it for you all in an interesting way ;) Cheers!
I think this woul dbe really helpful for encrypting data to send over a network as well. Thanks.
Great suggestion! I'll definitely add this to my to-do, and hopefully I'll get to talk about it soon-ish...
Cheers :)
Could you teach how to protect the coins, inventories, player data, and critical game logic on the server to avoid fraud and manipulation by the players, where the client should only send requests and receive responses. And where validations are performed on the server for actions that involve player change such as currency transactions, obtaining and removing items in the inventory and validating all data to prevent manipulated data from being sent to the server. And logic could be implemented on the server to verify if the requested actions comply with the rules of the game before applying any change and also Secure User Authentication and Security: Uses secure authentication methods such as OAuth,. Please it would be a good tutorial saga for Godot online multiplayer if possible using nakama, you can make a 2d top down shooter or bomberman to implement those costs the store and inventory and the logic
Yes, I would like it too, so it is protected. Good and no one will be able to manipulate it since it will be validated on the server and if something goes wrong , fraud cannot be committed. Please, I also ask for this.
This is a really cool ideas, and I've been meaning to do a multiplayer or client/server long Godot tutorial for a while - so thanks for confirming it's a good idea! :)
I don't know when I'll get enough time to dive into this big a project, but it's definitely on the top of my to-do list ;)
Cheers!
@@Lansamatv client only sending what to do is what we call true authoritative server. But unfortunately it's only 100% feasible for games that are turn based or where ping is not that of importance. Any realtime mmo game needs client driven but server reconciliation and Authorization method. Where client tells the server where the character is going but server determines if the move is a valid move or not and updates for all other players
@minapecheux I'll be waiting for that, I'm very interested, thank you very much ❤️
@vickylance Yes, that's true, but I say that at the end of the game, check if the rewards are correct or for the player or if they are not more than they should be and so on, in real time it should be updated, if not, check when starting the section, when entering and exiting the game. and when buying in the store too.
Is there a way to protect the password? Somewhere you need to save the password in code, and have the code in memory (accessed a lot), but still able to run the program - is the next level of securing quite a lot harder?
Passwords are in db so you will use something like bcrypt and a private key to encrypt and store in db which itself should ve authenticated db and use only secure tls everywhere
@@vickylance db?
Heya to you both!
So:
- I think that @vickylance is thinking about typical user passwords here - indeed, in that case, you often store the user id info + their encrypted password in your app database (DB), and then to check identity later on you compare the stored value to the encrypted version of the current password test.
- In games, you don't always have a DB, and in that case it's more of a "game password" than a "user password" :)
To protect it, a good trick can be to use some environment file with variables that you load in your game at runtime... but ultimately, and that's the big crux of security, you only offset the probelm ;)
From what I know, the safest course of action is to add "deviation layers" (i.e. for example have this extra environment file be encoded itself, and the key stored in another file somewhere else), and most importantly change at least the first chain of this encryption regularly (say once a week).
(But again - someone who absolutely wants to hack your data will almost always be able to find a way... sorry for the not-so-reassuring conclusion, but it's important to keep that in mind ^^)
Hope this helps,
cheers! :)
Wow, really enjoyed to your content design.. it's so cool)
+Sub
And I join the people below - it would be great to make tutorials about multiplayer)
Thank you so much for the nice comment and the sub! I'm glad you enjoyed the video :)
And yup, multiplayer is definitely at the top of my to-do - now I need to get into the docs and understand the topic thoroughly enough to be able to remix it for you all in an interesting way ;)
Cheers!
Oh no not my mod 😢