question

Mubarak Almehairbi avatar image
Mubarak Almehairbi asked

What if the leaderboard was hacked?

Suppose I created a leaderboard for my game using PlayFab. Then a hacker found a way to add unlimited scores to my leaderboard. Then I created a new version of my game with improved security. How can I ensure that hackers will not be able to use the old version of my game for score manipulation?

I thought that changing the secret key in PlayFab dashboard will disallow access to the leaderboard. But I think this is not the case for my game since I allow clients to post statistics. Or am I misunderstanding something? By the way, I am using Unity SDK for PlayFab.

Leaderboards and Statistics
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Neils Shi avatar image
Neils Shi answered

Please note that if you enable the API features “Allow client to post player statistics”, then there is no way to prevent fake scores from being posted to your leaderboard, players can use Client/UpdatePlayerStatistics to update their statistics. As Tournaments & Leaderboards quickstart - PlayFab | Microsoft Learn mentions “this option should not be used in a live game, as it gives the client authority over values submitted. This is only valid for cases where there is no concern that players may cheat their statistics.” If you need your leaderboards to be secure, you should not turn on this option. Instead, you should only update statistics via a server authoritative operation, like Azure Function or custom game server.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.