Features
Games
Add-ons
Docs
Pricing
Forums
Blog
Log in
Sign Up

Features

Games

Add-ons

Docs

Pricing

Support

Blog

Log in

Sign Up

  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Ideas
    • Articles
    • Users
    • Badges
  • Home /
  • API and SDK Questions /
avatar image
Question by fakepl · Feb 12, 2018 at 07:59 PM · Custom Game ServersAuthenticationphoton

Security auth question

Hello, I have a question about authentication across multiple servers using playfab. My game is supposed to use playfab mainly for auth, photon server (on-premises) for multiplayer and mysql database on another server.

What i want to achieve is client connects via playfab then i connect to photon server using PlayFabID as a userID and the photon server later manages mysql database based on userID (PlayFabID). Also i want my client to connect to mysql database (via php) in the same manner (using PlayFabID).

I guess it works, but it seems highly unsecure since someone can connect to mySQL database and photon server if he only knows a certain PlayFabID without logging to playfab.

Im not too familiar with authentications and stuff, so here is my question. How can I make a validation and make all these connections safe.

Comment

People who like this

0 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by pfnathan · Feb 12, 2018 at 10:51 PM

The short answer is that you will need to manage your own security for your SQL Database.

What you described is a custom logic that you need to roll for security and everything, and yes, correct that it's insecure. In terms of security, we do not support for Players who need to connect to your own MySQL database;

Please take a look at https://api.playfab.com/documentation/server/method/AuthenticateSessionTicket for AuthenticateSessionTicket - Validated a client's session ticket, and if successful, returns details for that user.

and

Gets a Photon custom authentication token that can be used to securely join the player into a Photon room. See https://api.playfab.com/docs/using-photon-with-playfab/ for more details.

Can you share what you are trying to accomplish? And why can’t you just use our datastore?

Comment

People who like this

0 Show 3 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image fakepl · Feb 13, 2018 at 12:32 AM 0
Share

What i need is to store a cards collection (few hundred) and collections for each player and its easier for me to manage it through mysql. Im going to think about possible solution, just one last question to be sure. If I understand it correctly Im not able to run cloud script from external source without PlayFabSDK, or am I? What im thinking of is getting value out of cloud script function by using http request on my own. Thanks for answer.

avatar image Brendan ♦♦ fakepl · Feb 14, 2018 at 04:02 AM 0
Share

If you're trying to call ExecuteCloudScript from your own server, yes, you can do that. You can use our SDK for that, but it's not a requirement - they're just simple Web API calls, so you can feel free to use your own custom code.

avatar image pfnathan ♦♦ · Feb 13, 2018 at 12:54 AM 0
Share

Regarding Cloud Script through HTTP request, here is the detailed info. https://api.playfab.com/docs/tutorials/landing-automation/writing-custom-cloud-script

http.jpg (36.7 kB)

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps

    • Follow this Question

    Answers Answers and Comments

    3 People are following this question.

    avatar image avatar image avatar image

    Related Questions

    Custom Server authentication flow for analytics 1 Answer

    How can I access game data using apache php server ?,Can I access User data on apache server. 1 Answer

    Photon WebHook Error,Photon WebHook fails 1 Answer

    Protecting my title from cloners 1 Answer

    User not found error when trying to create a game. 1 Answer

    Stay up-to-date with the latest from PlayFab:  
    Sign up for newsletter
    Engineers
    • Documentation
    • Tutorials
    • API Reference
    • SDKs
    • Usage Limits
    PLAYFAB
    • Features
    • Games
    • Add-ons
    • Pricing
    Support
    • Forums
    • Videos
    • File a Ticket
    • Service Health
    • Blog
    About
    • About
    • Jobs
    • Contact
    • Press Room
    • Privacy Policy
    • Terms of Service
    • Acceptable Use
    • Style Guide
     
     
    Sign Up

    ©2017 PlayFab, Inc.

    ©2016 PlayFab, Inc. All rights reserved. PlayFab® is a registered trademark of PlayFab, Inc. | Privacy | Terms | Acceptable Use
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Post an idea
    • Create an article
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Ideas
    • Articles
    • Users
    • Badges