Dedicated Server Best Practice: How to Secure/Obfuscate access to backend DB - AWS

Hello everyone,

Currently trying to figure out what the best practices are to secure and obfuscate a dedicated server’s ability to update databases (leader boards, account info etc.) from the client.

We are currently utilizing AWS, but what is the best practice regarding this?

So far, the main methods I have thought of to go about doing this are:

  1. With an Auth Token to an internal API: utilize Pre-processor directives so that these functions and tokens are never even shipped with the client. With some of our team being allergic to code, I’m not sure how UE4 handles segregated, pre-processor directives that are Blueprint callable functions. Will this cause problems if the Blueprint UFunction ends up being removed on the client?

  2. Same as 1, but have the servers make a GET request on startup to receive dynamically generated and cycled auth tokens.

Some documentation I have found across the forums here and elsewhere also references just setting up an API that is only accessible via the IP address of the server, utilizing firewalls etc.: no auth tokens used. I’m not the biggest fan of this as I feel like just having the endpoint visible, if one were to go through everything, seems to be a little shaky.

Any advice would be greatly appreciated.

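Method 2 in the post above (servers receiving dynamically generated, cycled auth tokens), sketched as an added example that is not part of the original post: a token service issues short-lived HMAC-signed tokens and the internal API verifies them, rejecting expired, tampered, or retired-key tokens. The key ids, key values, server id and function names are constructed for illustration; real keys would come from a secret store and never ship in the client build.

```python
import base64, hashlib, hmac, json, time

# Constructed signing keys by key id (assumption: loaded from a secret store in practice).
# Keeping the previous key lets tokens issued just before a rotation stay valid until they expire.
KEYS = {"k1": b"constructed-previous-key", "k2": b"constructed-current-key"}
CURRENT_KID = "k2"
TOKEN_TTL = 300  # seconds; short lifetime limits the value of a leaked token

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(kid, payload):
    return b64e(hmac.new(KEYS[kid], payload, hashlib.sha256).digest())

def issue_token(server_id, now=None, kid=None):
    """Token service side: called by a dedicated server on startup and on refresh."""
    now = int(time.time()) if now is None else now
    kid = kid or CURRENT_KID
    claims = {"sub": server_id, "kid": kid, "exp": now + TOKEN_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    return b64e(payload) + "." + sign(kid, payload)

def verify_token(token, now=None):
    """Internal API side: return the server id for a valid token, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        payload = b64d(body)
        claims = json.loads(payload)
        kid = claims["kid"]
        if kid not in KEYS:                 # unknown or retired key id
            return None
        if not hmac.compare_digest(sign(kid, payload), sig):  # constant-time compare
            return None
        if now >= claims["exp"]:            # expired; server must fetch a fresh token
            return None
        return claims["sub"]
    except (ValueError, KeyError, TypeError):  # malformed token of any kind
        return None

if __name__ == "__main__":
    tok = issue_token("gs-eu-1")            # constructed server id
    print(verify_token(tok))
```

Retiring a key is a matter of removing its id from `KEYS` once every token signed with it has passed its expiry.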