Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by fakepl · Feb 12, 2018 at 07:59 PM · Custom Game ServersAuthenticationphoton

Security auth question

Hello, I have a question about authentication across multiple servers using playfab. My game is supposed to use playfab mainly for auth, photon server (on-premises) for multiplayer and mysql database on another server.

What i want to achieve is client connects via playfab then i connect to photon server using PlayFabID as a userID and the photon server later manages mysql database based on userID (PlayFabID). Also i want my client to connect to mysql database (via php) in the same manner (using PlayFabID).

I guess it works, but it seems highly unsecure since someone can connect to mySQL database and photon server if he only knows a certain PlayFabID without logging to playfab.

Im not too familiar with authentications and stuff, so here is my question. How can I make a validation and make all these connections safe.

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by pfnathan · Feb 12, 2018 at 10:51 PM

The short answer is that you will need to manage your own security for your SQL Database.

What you described is a custom logic that you need to roll for security and everything, and yes, correct that it's insecure. In terms of security, we do not support for Players who need to connect to your own MySQL database;

Please take a look at https://api.playfab.com/documentation/server/method/AuthenticateSessionTicket for AuthenticateSessionTicket - Validated a client's session ticket, and if successful, returns details for that user.

and

Gets a Photon custom authentication token that can be used to securely join the player into a Photon room. See https://api.playfab.com/docs/using-photon-with-playfab/ for more details.

Can you share what you are trying to accomplish? And why can’t you just use our datastore?

Comment

People who like this

0 Show 3 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image fakepl · Feb 13, 2018 at 12:32 AM 0
Share

What i need is to store a cards collection (few hundred) and collections for each player and its easier for me to manage it through mysql. Im going to think about possible solution, just one last question to be sure. If I understand it correctly Im not able to run cloud script from external source without PlayFabSDK, or am I? What im thinking of is getting value out of cloud script function by using http request on my own. Thanks for answer.

avatar image Brendan ♦♦ fakepl · Feb 14, 2018 at 04:02 AM 0
Share

If you're trying to call ExecuteCloudScript from your own server, yes, you can do that. You can use our SDK for that, but it's not a requirement - they're just simple Web API calls, so you can feel free to use your own custom code.

avatar image pfnathan ♦ · Feb 13, 2018 at 12:54 AM 0
Share

Regarding Cloud Script through HTTP request, here is the detailed info. https://api.playfab.com/docs/tutorials/landing-automation/writing-custom-cloud-script

http.jpg (36.7 kB)

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    3 People are following this question.

    avatar image avatar image avatar image

    Related Questions

    Best Practices For PlayFab OSS Unreal Engine 1 Answer

    How can I access game data using apache php server ?,Can I access User data on apache server. 1 Answer

    Photon WebHook Error,Photon WebHook fails 1 Answer

    Can't I use the same Photon ID in two Titles? 1 Answer

    Authenticating multiplayer binary to call CloudScript Functions? 1 Answer

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges