0

Im creating a game where players can create their own levels and publish them online, so that other players can play the levels and compete for the best score. The best score will also have its game-replay saved and uploaded, so that other players can run agains the ghost of this player.

While writing the server code for my application (ASP.NET Core), I have noticed that it would be easy to either modify the score or replay data(CSV with position and rotation values for ghost) before posting. Or simply post false values to my endpoints.

How would I go about ensuring that the data posted to my server is truly coming from my game clients and that the data is not modified elsewhere?

My game will be running on both mobile and desktop, so I wish for a solution that will be fully secure on all platforms.

Tobias Kullblikk
  • 226
  • 1
  • 12
  • 1
    If that data is created on client - there is no way to 100% ensure it really comes from your client and not from malicious user. – Evk May 18 '17 at 11:17
  • 1
    Well I think you can use a combination of asymmetric encryption and delta checking. You can encrypt the data you send so in that way if someone want to send data to your endpoint have to make some reverse engineering. Also you could check delta between last position and the data received and decide if the data have been faked. As @Evk said you cannot be 100% sure that the data have not been altered of faked. – Sinjuice May 18 '17 at 11:18

0 Answers0