Skip to main content
Game Development

Return to Question

removed block-listed tag: api, added code markdown
Source Link
Pikalek
Pikalek
  • 13.4k
  • 5
  • 49
  • 54

I have a game where I would like to register users and post the outcome of matches between two users through web requests in Unity but have some security questions regarding UnityWebRequestUnityWebRequest.

I have a game where I would like to register users and post the outcome of matches between two users through web requests in Unity but have some security questions regarding UnityWebRequest.

I have a game where I would like to register users and post the outcome of matches between two users through web requests in Unity but have some security questions regarding UnityWebRequest.

added 10 characters in body
Source Link
Kevin Adams
Kevin Adams
  • 3
  • 3

Lets assume my model contains data regarding the outcome of a match between two players. Would https (TLS 1.2) be enough to stop someone resending the same request/packet to inflate their number of wins for example? Or should additional measures be taken to stop this?

Lets assume my model contains data regarding the outcome of a match between two players. Would https be enough to stop someone resending the same request/packet to inflate their number of wins for example? Or should additional measures be taken to stop this?

Lets assume my model contains data regarding the outcome of a match between two players. Would https (TLS 1.2) be enough to stop someone resending the same request/packet to inflate their number of wins for example? Or should additional measures be taken to stop this?

Source Link
Kevin Adams
Kevin Adams
  • 3
  • 3

UnityWebRequest security

I have a game where I would like to register users and post the outcome of matches between two users through web requests in Unity but have some security questions regarding UnityWebRequest.

Assume the following code for sending a web request:

public class TestHTTP : MonoBehaviour
{
    [SerializeField]
    private bool sendRequest = false;
    // Update is called once per frame
    void Update()
    {
        if (sendRequest)
        {
            Model testModel = new Model();
            testModel.ID = "0001";
            testModel.name = "Random_Name";
            testModel.int1 = 555;
            StartCoroutine(SendWebRequest(testModel));
            sendRequest = false;
        }
    }
    public IEnumerator SendWebRequest(Model m)
    {
        string json = JsonUtility.ToJson(m);
        //string text = JsonUtility.ToJson(SimpleAESEncryption.Encrypt(json, "some_password"));
        using (UnityWebRequest request = UnityWebRequest.Post($"some_https", json))
        {
            request.method = UnityWebRequest.kHttpVerbPOST;
            request.SetRequestHeader("Content-Type", "application/json");
            yield return request.SendWebRequest();
            if (request.isNetworkError)
            {
                Debug.Log("NETWORK ERROR:::" + request.error);
            }
            else if (request.isHttpError)
            {
                Debug.Log("HTTP ERROR:::" + request.error);
            }
            else
            {
                string returnData = request.downloadHandler.text;
            }
        };
    }
}

After doing a bit of testing I noted that sending via http would give a plain text body, which was remedied by switching to a https target. Is this enough of a level of encryption or should I add a layer of encryption for the model prior to sending?

Lets assume my model contains data regarding the outcome of a match between two players. Would https be enough to stop someone resending the same request/packet to inflate their number of wins for example? Or should additional measures be taken to stop this?