Forum PayVault PayVault Refresh > Response not encrypted

Discussion and help relating to the PlayerIO payment solution, PayVault.

PayVault Refresh > Response not encrypted

Postby JorgeDamien » March 28th, 2020, 12:34 pm

However, if i look in my Chrome Developer Tools, i can see that all content sent from Clients calls are not encrypted in the response.
I know that external user's cant read in the packet, but the current player can see its returned data from Debug Tools.

On the other side, i see that if i do my stuff from Multiplayer Server calls and then return the values, it seem that the content is encrypted, maybe in a Base64 String ? (I don't know).

Is there any way to hide the returned values from Client calls (like Payvault Refresh for exemple) ?
If not, do you think my only way is to manage to call all theses things from ServerSide and manage this my self...And maybe adding some extra encryption logic of course.

The goal is to have only encrypted response, even in SSL, so it would be more difficult to know what the game is actually sending.

Thank you in advance !
JorgeDamien
 
Posts: 1
Joined: March 28th, 2020, 12:34 pm

Re: PayVault Refresh > Response not encrypted

Postby Henrik » May 4th, 2020, 7:57 am

There's nothing stopping a dedicated attacker from reading any value sent to the game client. When securing your game, you have to assume that every single client is compromised.

That's why the PlayerIO security model relies on restricting read and write access on a per-connection basis, and the idea is that you should typically only write data from your secure multiplayer code.

In your specific case, why does it matter if the player can see the full contents of their vault? You typically want to display the user's inventory and coin balance anyway?
Henrik
.IO
 
Posts: 1880
Joined: January 4th, 2010, 1:53 pm


Return to PayVault