So basically I am developing a party game, where you play with your friends via Listen Server and Epic Online Services for matchmaking.
What my question is though, how can I prevent some hacker from compromising the computer of another client?
Cheating in-game is a whole 'nother topic but protecting the players sensible data is kind of beyond my knowledge. (does EOS already do that for me?)
Any devs out there, that could maybe shed some light into my (un)knowledge?
The EOS backend (hopefully) won't compromise any data between users except when permissions have been given but it doesn't prevent you from accidentally compromising things within the game or by using plugins inappropriately.
You as a developer have the responsibility for the game and the features you include in it.
Obviously the end-user has the responsibility to keep their Operating System, Drivers and programs updated to avoid being an easy target but it is still your responsibility to ensure security patches for the game are released in a timely manner.
If you try to keep things updated and track security patches and don't use plugins in a way they weren't intended you should be fine though.
For listen servers, the EOS will match-make between the host and the player.
The security of the host is up to the host. E.g., if I'm running a listen server on the public internet without a firewall, then I'm running a computer on the public internet without a firewall. There's nothing the game (or EOS) can do about that.
However, in practice, the listen server will most likely be behind a NAT router/gateway/firewall. This means that the purported attacker can attack either the game itself, on the port it's served on, or any service that's exposed on the router/gateway/firewall. Again, the security of that device is up to whoever hosts the game; there's nothing you can do about this. (And this is why it's so important that people update their firmware, but nobody ever does this …)
What you can do, is make sure you test your game with "hacked" network packets, trying to "own" or "crash" it through fuzzed traffic, sending too-large packets, packets with corrupted length values, and so on. As long as your game will properly reject malformed packets and won't do things like reading packets outside of bounds, then the game itself won't be a vector for hacking. The rest of the security of the hosting setup, is up to whoever is hosting - no matter whether they're running your game, or not.
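As an added illustration of the packet testing described in the last reply (not code from any poster, from Unreal Engine or from EOS), here is a bounds-checked parser for a length-prefixed packet together with a small fuzz loop. The wire format, the 512-byte limit and all names are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <random>
#include <vector>

// Hypothetical wire format (an assumption for this example):
//   byte 0 = message type, bytes 1-2 = payload length (big-endian),
//   bytes 3.. = payload
constexpr std::size_t kHeaderSize = 3;
constexpr std::size_t kMaxPayload = 512;  // assumed per-message limit

enum class ParseResult { Ok, TooShort, TooLarge, LengthMismatch };

struct Packet {
    std::uint8_t type = 0;
    std::vector<std::uint8_t> payload;
};

// Validates every length before touching the payload, so a hostile
// length field can never cause a read past the received datagram.
ParseResult parse_packet(const std::uint8_t* buf, std::size_t len, Packet& out) {
    if (buf == nullptr || len < kHeaderSize) return ParseResult::TooShort;
    const std::size_t declared = (std::size_t{buf[1]} << 8) | buf[2];
    if (declared > kMaxPayload) return ParseResult::TooLarge;
    if (declared != len - kHeaderSize) return ParseResult::LengthMismatch;
    out.type = buf[0];
    out.payload.assign(buf + kHeaderSize, buf + kHeaderSize + declared);
    return ParseResult::Ok;
}

// Feeds random buffers to the parser; half of them get a header that matches
// their size so the accept path is exercised too. Counts accepted packets
// that break the size rules. The result must be 0.
std::size_t fuzz_parser(unsigned seed, std::size_t iterations) {
    std::mt19937 rng(seed);
    std::size_t violations = 0;
    for (std::size_t i = 0; i < iterations; ++i) {
        std::vector<std::uint8_t> buf(rng() % 1024);
        for (auto& b : buf) b = static_cast<std::uint8_t>(rng());
        if (buf.size() >= kHeaderSize && (rng() & 1u)) {
            const std::size_t n = buf.size() - kHeaderSize;
            buf[1] = static_cast<std::uint8_t>(n >> 8);
            buf[2] = static_cast<std::uint8_t>(n & 0xFF);
        }
        Packet p;
        if (parse_packet(buf.data(), buf.size(), p) == ParseResult::Ok &&
            (p.payload.size() + kHeaderSize != buf.size() ||
             p.payload.size() > kMaxPayload))
            ++violations;
    }
    return violations;
}
```

Building the fuzz loop with `-fsanitize=address` makes any out-of-bounds read in the parser abort the run instead of passing silently.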