What are everyone’s thoughts on what type of system to use for handling user logins? Right now I have been focusing on HTTP requests, both GET and POST, but I question the security of it. It wouldn’t be all that hard to sniff traffic to get someone’s user/password with this. Plus if you know the ports being used and strings sent, someone could write something to interface with the server too easily. I started off with a TCP server but I could be dealing with a high volume of requests and I’m not liking the server side I have coded so far.
“It wouldn’t be all that hard to sniff traffic to get someone’s user/password with this.” Isn’t that what HTTPS is for?
Any protocol you come up with can be reverse engineered, so I wouldn’t waste any time on attempting to obfuscate it. If someone makes a custom client that can log in to your service, well, they can do that now, but they can’t really do anything useful with it, so they successfully wasted their time…
We just send simple POST requests to our web service with a payload in JSON format. All connections made by the game client are encrypted using TLS 1.2.
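A sketch of the client side of the setup described in the last reply, added here as an example and not taken from any poster's code: a JSON login POST that verifies the server certificate, refuses anything below TLS 1.2, and rejects a plain `http://` endpoint. The URL, the JSON field names and the function names are assumptions made for illustration.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

# Hypothetical endpoint, constructed for this example.
LOGIN_URL = "https://auth.example.invalid/api/login"


def make_tls_context() -> ssl.SSLContext:
    """Client context: verify the server certificate and refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_login_request(url: str, username: str, password: str) -> urllib.request.Request:
    """Build the JSON POST; reject non-https URLs so credentials never leave unencrypted."""
    if urlsplit(url).scheme != "https":
        raise ValueError("login endpoint must use https")
    # Field names are assumed; the thread does not specify the payload layout.
    body = json.dumps({"username": username, "password": password}).encode("utf-8")
    return urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json"},
    )


def send_login(url: str, username: str, password: str, timeout: float = 10.0) -> dict:
    """Send the request; a certificate or protocol failure raises instead of falling back."""
    req = build_login_request(url, username, password)
    with urllib.request.urlopen(req, timeout=timeout, context=make_tls_context()) as resp:
        return json.loads(resp.read().decode("utf-8"))
```

Credentials travel in the POST body rather than in a GET query string, which keeps them out of URL logs on servers and proxies.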