Hi!
My question is how secure Photon Cloud's AppID is. AFAIK, it's rather easy to hack a Unity's managed game code and reveal the AppID - it is used in PhotonNetwork.Connect() method anyway. So, any precautions to securely store the AppID in the game will break down the wall of memory reading and stuff like that. Once the AppID is revealed a hacker can make a game build which suppresses any user validation prior to PhotonNetwork.Connect()call.
My idea is to implement a Cloud's optional feature to use a 3d party authorization on calling PhotonNetwork.Connect(). In addition to the AppID a game will pass to the Cloud some sort of userId (just a string). Then the Cloud will contact a game's web server passing the userId to it and receiving a HTTP code of 200 (OK, the user can connect) or 403 (Access denied, the user should be rejected from the Cloud) as an answer for example. The trick is that the request URL to the game's server will be defined in the Cloud Control Panel so the game instance could not change the way of authorization process.. Obviously, there we can implement any policy of granting access for a specific user to the online mode inside our game's server.
What guys you think about this idea?
My question is how secure Photon Cloud's AppID is. AFAIK, it's rather easy to hack a Unity's managed game code and reveal the AppID - it is used in PhotonNetwork.Connect() method anyway. So, any precautions to securely store the AppID in the game will break down the wall of memory reading and stuff like that. Once the AppID is revealed a hacker can make a game build which suppresses any user validation prior to PhotonNetwork.Connect()call.
My idea is to implement a Cloud's optional feature to use a 3d party authorization on calling PhotonNetwork.Connect(). In addition to the AppID a game will pass to the Cloud some sort of userId (just a string). Then the Cloud will contact a game's web server passing the userId to it and receiving a HTTP code of 200 (OK, the user can connect) or 403 (Access denied, the user should be rejected from the Cloud) as an answer for example. The trick is that the request URL to the game's server will be defined in the Cloud Control Panel so the game instance could not change the way of authorization process.. Obviously, there we can implement any policy of granting access for a specific user to the online mode inside our game's server.
What guys you think about this idea?