Securely storing data

I have a question regarding anti-cheat. My game uses unet and a separate server to store data in a sql db (since as I understand it, I can't store data on unity's server). When the player gets coins, unity's server calls a function on the server to update the db. I made sure that a secret code is required to access the server. But what prevents anyone from decompiling the game and getting the secret code? Then they can give themselves as many coins as they want. I can have a server script check IP, but I don't know the unity server's IP and also IP can be faked.

Is there a more secure way to do this? Any ideas at all would be greatly appreciated!

 

Ok, after working on it I can give you some ideas.

For example our player leave the sever and you need to save [SyncVar] float Coins;

On your Custom Network Manager you can addd this one:

Code (CSharp):

1.  
2. // called when a client disconnects
3. public virtual void OnServerDisconnect(NetworkConnection conn)
4. {
5. //Save method here
6.    Save(conn.playerControllers[0].gameObject);
7.     NetworkServer.DestroyPlayersForConnection(conn);
8. }
9.  
10. void Save(GameObject player){
11. float coinsTosave = player.GetComponent<Stats>().coins;
12. //Save here with security code::
13. }
14.  

Ok, if you will build it up this part of code will be on client and on server, but you dont want to it be decompiled by .NET Reflector and stoled by client, you can cut this part of code with defines, and this code will only works on SERVER, for protect your security DB code you can add custom defines, work say the UNITY which code must be on server or which one on client.

Here is link for Global Define Wizzard:https://github.com/prime31/P31UnityAddOns/blob/master/Editor/GlobalDefinesWizard.cs

This is Editor addition so put it on Editor folder, ok after u manage ur defines like SERVER and CLIENT you can do next:

Code (CSharp):

1. #if SERVER
2. // called when a client disconnects
3. public virtual void OnServerDisconnect(NetworkConnection conn)
4. {
5. //Save method here
6.    Save(conn.playerControllers[0].gameObject);
7.     NetworkServer.DestroyPlayersForConnection(conn);
8. }
9.  
10. void Save(GameObject player){
11. float coinsTosave = player.GetComponent<Stats>().coins;
12. //Save here with security code::
13. }
14.  
15. #endif
16.  
17. #If CLIENT
18. this part of Code will be compilated only on CLIENT version.
19. bla bla bla
20. #endif
21.  
22.  

Hope it can help you...

 

Thank you for the suggestion! I think I am confused about something fundamental about unet. For your method to work, the code needs to be compiled on the unet server. Does this happen automatically? If so, how does unet have access to the source code? If not, how do I compile it on the unet server? As of now, unet seems to grab the compiled code when client connects.

 

In this case, you need to compile 2 version of your project 1) server 2) client
Global defines make it easyer, to cut code which not to be used on client - like save method to db.

 

For better understanding take a look this video:

 

I can share with you some screens, I'm cut the ItemDatabase part code for client, its not necessary but for esthetic, or for protect like in your way.
Here what can see Client after decompile with ILSpy, in ItemDatabase.cs:


Here how it originaly looks, we add define #if Server:


P.S this code runs only on Server, but we dont want to Client saw this code.

 

take a look at my blog, i made a post of it)
https://wobesdev.wordpress.com/2016...-the-source-code-from-the-eyes-of-the-player/

 

Thanks! That helped a lot. I think my mistake was that I thought that unet was acting as a server (their documentation is really confusing!) However, I realize now that it's acting as a relay. To do what I am after I would need a different dedicated server. Any recommendations for a dedicated server? I'm indie so would need to be something cheap but expandable in the future...

 

UNET is also can be dedicated server)
And for free. All what you need, public IP and openned port, check my blog, I have a Console Master Server on UNET and global chat in game menu, and dedicated servers: https://wobesdev.wordpress.com/2016/09/19/chat-in-game-menu/

And here it is

 

That is awesome! Exactly what I was looking for. I also found instructions for setting up and installing master server on Ubuntu https://noobtuts.com/unity/unet-server-hosting

I'll probably try that approach tonight. Thank you for pointing me in the right direction!

 

Wow, but my Master Server is for UNET only

 

Do you have a "how to" guide? Or have tips on how to make the unet master server? It's not clear to me from the video how it works.

 

Check this out: https://forum.unity3d.com/threads/master-server-sample-project.331979/