  1. Since the game I'm going to release in the not-too-distant future relies on regular communication with a web database, I need a way to protect the data I send back and forth from forgery. If I were to publish my work right now, anyone at all could send a phony HTTP request to my website and manipulate a player's stats.

    How do I prevent this from happening, if not with an SSL Certificate? How do major networks like Mineplex manage without one?
  2. md_5

    Administrator Developer

    All database communication is done server side.
    Players should not be able to send anything to your database.
    Put a password on it; optionally make sure only your server IP can access it. That's all you need.
  3. Thanks for the advice. Is there no concern of a man-in-the-middle attack, then? I'm new to the realm of web security, but it seems such an authentication system would be vulnerable to hackers listening to HTTP traffic. Even if I included a password, since requests without SSL are not encrypted, hackers could get access to that password (and spoof the IP if necessary to bypass the IP check).
  4. md_5

    Administrator Developer

    If someone is man in the middling connections between your two servers you probably have bigger things to worry about... Same thing for IP spoofing: they'd have to be inside your server provider's network, at which point you have bigger issues.
  5. Which isn't to say SSL isn't a good idea..
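
An added example, not code from any poster in this thread: the sniffed-password concern raised above can be reduced without TLS by having the game server sign each request with an HMAC, so the shared secret never travels over the wire and altered or replayed requests are rejected. HMAC signing is a technique the thread does not mention; the secret, field names and 30-second window are assumptions, and this gives authenticity only, not confidentiality.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed secret for the example; it lives only on the game server and
# the web backend and is never shipped to players.
SHARED_SECRET = b"example-secret-not-from-the-thread"
MAX_SKEW_SECONDS = 30  # assumed replay window


def sign_request(player, stats, secret=SHARED_SECRET, now=None):
    """Game-server side: build the message sent to the web backend."""
    payload = {
        "player": player,
        "stats": stats,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(8),  # makes every request's MAC unique
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


def verify_request(message, secret=SHARED_SECRET, now=None, seen=None):
    """Web-backend side: return the parsed payload, or None if rejected."""
    body, tag = message.get("body", ""), message.get("mac", "")
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; the MAC is checked before the body is parsed.
    if not hmac.compare_digest(expected, tag):
        return None
    payload = json.loads(body)
    current = time.time() if now is None else now
    if abs(current - payload["ts"]) > MAX_SKEW_SECONDS:
        return None  # stale: outside the replay window
    if seen is not None:
        if tag in seen:
            return None  # exact replay inside the window
        seen.add(tag)
    return payload
```

Anyone listening to the HTTP traffic can still read the stats in the body; only forging, altering or replaying them is blocked.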
