im creating an fps game and im trying to find a solution to saving game progress and usernames/passwords to a dedicated server.
For usernames/passwords you do not need a dedicated server, you need a database. x10hosting has some of them for free, which I use for my website.
is it secure, and what type of script do i need?
also how do i connect it to my game securely.
is it something like wordpress,php and my sql combined?
Do you have a base knowledge of web-programming? There is a lot of interpreter like PHP, Perl, and the type of application that you would create it’s not just a simple “Script”
You can have more options. First of all read this:
Why YOU should embed a web server in your game engine.
One reason is that you call tell to the Web/SQL Server to accept connection only from the local server machine itself. So from loopback IPs only (127.0.0.1, 192.168.0.1). IMHO this is the best option in security terms.
Using a local server machine database (eg: CrouchDb), where the server machine write user data locally. (Bad Explanation?)
Use an auth token system. Too much coding
Actually, using the VaRest Engine Plugin & Parse, you can have a auth/session token system up and running in about 15 minutes. There’s even a tutorial on the VaRest Git Wiki on how to set up logging into Parse from UE4. This was 100% Blueprint:
First string is the Username Object ID, Second is the session token & third string is the entire return before parsing. Login Auths & sends a session token back, Logout deletes the session token off the server.
A secure token is something that user can’t access, so if you call an rpc on server by client, client will send that token so that server can say “this is a legit request”… but! If you have in first the token on client stop. It’s not a secure way. Every client can intercept that request/response, every “bad” client can reverse engineering that token.
Edit: Hacks developer just look for this leaks in first, and then for pointers leaks
like kheka said this is not the most secure way of doing things, but thanks for the suggestion.
i have learned php to some extent, but i’m definitely not an expert.
im planning to go the web server route, but im how you connect it to the engine?
so just to clarify the client sends the username/password to the mysql server to check if the username/password is correct, and if it is then it sends back the users saved data, right?
None of session data is stored client side, all of that comes off my Parse database (everything in the strings are from Parses’ server, not locally, should have said something). The client doesn’t have access to the token unless auth’d by the server beforehand
You will need to use the REST or JSON plugins that are available to handle this kind of functionality. There is no built in SQL connections within UE4 at the moment. Just setup a REST api with whatever you feel like, if you have wordpress experience then you can get the REST plugin for that and setup a custom table and away you go.
Link broken (404 Error).
It work for me
You have to sign in to github
so i would need this: WP REST API (WP API) – WordPress plugin | WordPress.org and this: https://forums.unrealengine.com/showthread.php?7045-PLUGIN-JSON-Query ?
I got a working version of a REST API build with PHP
- Mysql (you could use any database depends on your liking)
- VaRest Plugin
It works perfectly, and then you could save or receive any data from the server that you need.
It’s good for Development but for a Live Game it would need some encryption to prevent people seeing what your sending to the server.
You could do this with a Public And Private Key system. most people call this asymmetric cryptography and is commonly used in now days applications. this system is one of the more secure systems and is also used in SSL (https), Payments, Proxy Servers, etc
I wouldn’t use a system oauth (token system) unless your 100% what your doing. it can be very good or very bad if it’s used wrong
But i think i’m getting way to much into details,
But like ZoltanJr said easy way is to use a JSON API
If your stuck with creating the JSON API. ask away i’m willing to give you a hand if needed
ok cool, I’ve made a test with an ssl system and it works, thanks to all
How hard was it? Was it all BPs? What did you do? Did you need an SSL certificate? (They are QUITE expensive)
it was pretty hard.
no it was half half, i cant tell you to much because i only made the engine end of it (had a web designer friend)and i already had an SSL certificate from a website that i no longer use, but probably going to change it to tls or something more secure