Hello, GameDev.net!
I've begun fiddling with Unity networking in Unity 5.4 (I believe the current Unity networking API's shorthand is UNET). Here is some background info on the project I have in mind:
- A 2-player, turn-based collectible card-style game. Not projected to generate a lot of network traffic or require heavy processing (just synchronizing game board states, etc.)
- A dedicated server box will run multiple Unity server processes on different ports. Each process instance should be able to handle 2 clients.
- The same or a separate box will host a web interface (for the Unity clients) to handle logging in and out of user accounts & client matchmaking. Clients will first ask the matchmaker which port to connect to for each match. Then the clients will connect to that port on the game server and commence gameplay.
I'm looking for feedback and tips for building this system properly and keeping it secure. Especially:
- How do I make messages to/from the web interface secure? I don't want clients to be able to hack into another game instance on another port or do other nasty things. Is there a way to guarantee that messages intended for a web app come from a specific program (the Unity client)?
- When actually working with UNET, what practices can be performed to make hacking the game / cheating more difficult? Because this is a turn-based game, I'm currently striving for a very strict server-authoritative model (players don't have local authority; they just send commands to the server). Will this be enough?
- What other miscellaneous best practices should I know about concerning UNET?
- What is the most secure way to synchronize complex data structures like Dictionaries? I feel like calling add/remove Rpcs on server data change leaves room for hackers to inject something into the dictionary and send bad commands to the server (breaking the game). Let me know if this is a stretch.
Thanks for any advice!
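
One way to bind the matchmaker-to-game-server handoff described in the post to a specific player and port, as an added example that is not the poster's code and not part of the UNET API. It assumes the matchmaker and every game server process share a secret key, that user ids never contain `|`, and the `MatchTicket` class and its field layout are hypothetical; it sticks to language features available to older Unity/Mono compilers.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not UNET API): an HMAC-signed ticket the matchmaker hands to a client.
public static class MatchTicket
{
    // Assumed payload layout: "userId|port|expiryUnixSeconds".
    public static string Issue(byte[] key, string userId, int port, long expiresUnix)
    {
        string payload = userId + "|" + port + "|" + expiresUnix;
        return B64(Encoding.UTF8.GetBytes(payload)) + "." + B64(Mac(key, payload));
    }

    // Called by the game server process on listenPort before it seats a connecting player.
    public static bool Verify(byte[] key, string ticket, int listenPort, long nowUnix, out string userId)
    {
        userId = null;
        if (ticket == null) return false;
        string[] parts = ticket.Split('.');
        if (parts.Length != 2) return false;
        string payload;
        byte[] mac;
        try
        {
            payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            mac = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return false; }
        if (!FixedTimeEquals(mac, Mac(key, payload))) return false; // forged or altered
        string[] f = payload.Split('|');
        int port; long exp;
        if (f.Length != 3 || !int.TryParse(f[1], out port) || !long.TryParse(f[2], out exp)) return false;
        if (port != listenPort) return false; // issued for a different game instance
        if (nowUnix > exp) return false;      // expired
        userId = f[0];
        return true;
    }

    static byte[] Mac(byte[] key, string payload)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    static string B64(byte[] b) { return Convert.ToBase64String(b); }
    static bool FixedTimeEquals(byte[] a, byte[] b) // no early exit on first differing byte
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A ticket stays valid until it expires, so the game server should also accept each user id only once per match and keep expiry short. The ticket proves the matchmaker authorized that account for that port; it says nothing about which program sent it.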