
GameMaker Network Security?

Famine

Guest
Hello!

I posted this earlier this week and went back on the thread, so I'm back again for help from the community. I'm currently developing a multiplayer game with a UDP server in Python. My issue is that I want to secure the communication between the game client in GMS 2 and my server in Python. There do not seem to be sufficient security measures in the networking library provided with the game engine. I was hoping someone could point me in the right direction if such functionality does exist in any form.

Security Goals

I was hoping to find a better way of securing user authentication, reduce the ability to spoof the client or server, and reduce or remove the ability to do replays.

Security Concerns

The networking features in GameMaker don't seem to have a way to secure the connection between the client and the server. This means that when data is written to a packet and sent from the client to the server, it's not being sent through a secure channel. The most you can do here is encrypt the buffer with a symmetric key (single key) and hope the key does not get compromised, or just hash the data in the hope that, again, it does not get compromised as well by man-in-the-middle attacks.

This has a big impact on user credentials and other methods of ensuring the packets being sent are truly from the client. For example, sending an encrypted nonce (HMAC) to ensure all future UDP packets are from the approved client can also be sniffed and potentially compromised as well.

Other Solutions

I think, as there is likely no option here with the engine itself, making a login client / login handler is going to be the best option. That way the login client can be programmed in another language that does support better security, and that client can load the game once authentication has completed.

Thanks for the help!
 