The problem with that approach is the so-called "dev key" and how all the data still resides with the client.
- If you build it into the client, then it can be discovered with a hex editor.
- If you receive it online, then it can be discovered with Wireshark. Besides, there has to be a known master to get it from.
- If the data gets decrypted into client memory, then it can be modded with a RAM editor or cheat engine run by the end user.
You have absolutely no control over any of this, and you will always lose. This is what you get for trusting the client with anything.
Just get over it and write a master server. The client is still free to brew whatever they want with their copy, but as long as your master server doesn't believe their kool-aid and nothing else is affected, it's business as usual.
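The master-server idea from the post above, as an added example that is not part of the original thread: the server keeps the only account state that counts and accepts actions, never client-reported values. The class, action names, prices and quest table are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample rules; a real game would load its own.
PRICES = {"sword": 50, "potion": 5}
QUEST_REWARDS = {"rats": 20, "dragon": 60}


@dataclass
class Account:
    gold: int = 0
    items: list = field(default_factory=list)
    quests_done: set = field(default_factory=set)


class MasterServer:
    """Hypothetical server: holds the only account state that counts."""

    def __init__(self):
        self.accounts = {}

    def register(self, name):
        self.accounts[name] = Account()

    def handle(self, name, msg):
        """Apply one client message and return (accepted, reason)."""
        acct = self.accounts.get(name)
        if acct is None:
            return False, "unknown account"
        action = msg.get("action")
        if action == "quest_done":
            quest = msg.get("quest")
            if quest not in QUEST_REWARDS:
                return False, "no such quest"
            if quest in acct.quests_done:
                return False, "already rewarded"
            # Reward comes from the server table; a client-sent amount is ignored.
            acct.quests_done.add(quest)
            acct.gold += QUEST_REWARDS[quest]
            return True, "ok"
        if action == "buy":
            price = PRICES.get(msg.get("item"))
            if price is None:
                return False, "no such item"
            # Checked against server state, never against msg["gold"].
            if acct.gold < price:
                return False, "insufficient gold"
            acct.gold -= price
            acct.items.append(msg["item"])
            return True, "ok"
        # Anything else, such as "set_gold", is not an action clients can perform.
        return False, "unsupported action"
```

Whatever a modified client holds in its own memory, the server's copy only changes through the two validated actions.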
* By discovered, do you mean that it detects that the account data is stored on the client? If that's all that you mean by discover, then that's fine, because the user would actually need to know where their account details are stored, so they can move it around if they wanna play on a different machine or something. I explicitly want to make it so that the user has to input the directory from which their login details and after logging in successfully the account data can be traced.
* Online? You mean browser-based with HTML stuff intact? If that's what you mean then nah, I've not planned to do that any time soon. Just download and play (of course register and login too afterwards).
* Perhaps I can make some workarounds? Not entirely sure on how the RAM editor works, but for the cheat engine, I could perhaps make it so that an actual value of something is in decimals, though the number displays as it without the decimals or perhaps I can add in some type of object that does calculations based off of sprites that are numbers, but are actually different, longer numbers (like, ten times longer or something)? So, like, the number 3 could actually be something like 698 and the user would not know about it, hence typing in 3 and the cheat engine would not detect the actual value of it, which is 689.
So long as things are set up so that the client can't edit their account from within code, I would not care much. It would be good if they could hold onto their accounts and decide whether to delete them or not and so that I can't edit their data either as their accounts are theirs and their own. You might be a bit surprised about this, but that's the kinda guy I am.
Besides all of that, you are breaking terms of use on home data line services when hosting large access public servers.
There are a few more options, but frosty pretty much got them. You can have a pass through server, that receives data and pumps it out to other smaller IPs much like a VPN, the change being that you don't need keys and routing CPU time spent on encryption.
Emm, what? I can't host master servers from my house? What?! And I'm kind of confused on the whole "pass through" server thing. Google doesn't seem to give me much information on what they do.
Edit: Oh, that's what you meant. That's what I believe I thought of when I thought about dedicated servers... It's strange, but to play in Don't Starve Together, for example, even on a dedicated server, you need to have the master server active; this is why nobody could play the game whilst the master server had some issues... strange.