Mubashar Bilal asked

Private Game

Hi,

What would be the best scenario to create a private game using PlayFab? What I think is suitable for me is to request a multiplayer server from CloudScript and then return the IP address and port number to the client. The client can then share the IP address and port number with friends, who in turn can join the server directly. In this scenario I see two problems:

1. The IP address and port number could be exposed and exploited.

2. How will the other players who join the game server directly be validated, as a few steps are required beforehand, like deduction of virtual currency?

How can I overcome these problems?

Can I use matchmaking for this purpose? If so, please guide the way.

Thanks

3 comments

brandon@uprootstudios.com commented ·

@Mubashar Bilal We use Matchmaking for this, and just have the host player create a GUID room code and send it to the person they want to play with, then both players start a Matchmaking ticket with the room code as a string equality parameter. This ensures that both players are matched with each other, and the Matchmaking service requests the server.

0 Likes 0 ·
Mubashar Bilal brandon@uprootstudios.com commented ·

In that case, how will the region selection rule work if both have different preferred regions? Which region will be selected? The region preferred by the host or by the friend?

0 Likes 0 ·
brandon@uprootstudios.com Mubashar Bilal commented ·

@Mubashar Bilal We have the host send the other player their region latencies and use that for the Matchmaking ticket.

0 Likes 0 ·

1 Answer

Seth Du answered

If you look into the official sample of the Unity server build on GitHub, there is a mechanism to prevent those threats.

  • When you request a server instance via RequestMultiplayerServer, there is a property named “InitialPlayers”, which can be pre-defined by the initiator.
  • After a player is connected to the server, the session ticket will be required by the server for authentication and the AuthenticateSessionTicket API will be called. The player information will be compared with “InitialPlayers”. After all the verification is done, the game can start.

Though public IP address and ports can be scanned from time to time, which cannot be 100% avoided, the above mechanism can make sure the correct players are using this session. In addition, as it is a session-based instance, it won’t last long.

You are free to write any other functions to detect and reject potentially malicious connections; however, I am not an expert on it.

3 comments

Mubashar Bilal commented ·

Why is it advised to authenticate the session ticket when we can compare the joining players with the initial players?

0 Likes 0 ·
Seth Du ♦ Mubashar Bilal commented ·

It is a method by which the server can identify whether the connected player is an expected attendee. There is a chance that a hacker hijacks the RequestMultiplayerServer request via MITM and obtains the InitialPlayers in the request. However, if you implement this method, he won't be able to join the multiplayer session anyway because he doesn't have anyone's session ticket. A session ticket will only be generated after a successful login is done.

Anyone can directly send his PlayFab ID to the server, and it cannot be trusted unless they have any identity (session ticket).

0 Likes 0 ·
Mubashar Bilal Seth Du ♦ commented ·

Yeah, that could be the case. Thanks

0 Likes 0 ·
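
The admission check described in the answer and its follow-up comment (authenticate the session ticket first, then compare the verified player with InitialPlayers), as an added sketch that is not part of the original thread or of PlayFab's sample code. The `SessionGate` class, the `authenticate` callable standing in for the AuthenticateSessionTicket call, and all IDs and tickets below are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumption: a wrapper around PlayFab's AuthenticateSessionTicket server call.
# It takes a session ticket and returns the PlayFab ID the ticket was issued
# to, or None when the ticket is invalid or expired.
TicketAuthenticator = Callable[[str], Optional[str]]

@dataclass
class SessionGate:
    initial_players: frozenset        # PlayFab IDs passed as InitialPlayers
    authenticate: TicketAuthenticator
    admitted: set = field(default_factory=set)

    def admit(self, claimed_id: str, session_ticket: str) -> str:
        # Identity comes from the ticket, never from the ID the client sends.
        verified_id = self.authenticate(session_ticket)
        if verified_id is None:
            return "reject: invalid or expired session ticket"
        if verified_id != claimed_id:
            return "reject: ticket does not belong to claimed PlayFab ID"
        if verified_id not in self.initial_players:
            return "reject: player not in InitialPlayers"
        if verified_id in self.admitted:
            return "reject: player already connected"
        self.admitted.add(verified_id)
        return "admit"

    def ready(self) -> bool:
        # The game starts only once every expected player has been verified.
        return self.admitted == set(self.initial_players)

# Constructed sample data: session ticket -> PlayFab ID it was issued to.
_ISSUED = {"ticket-host": "HOST0001", "ticket-friend": "FRND0002",
           "ticket-other": "OTHR0003"}

def fake_authenticate(ticket: str) -> Optional[str]:
    return _ISSUED.get(ticket)

def demo():
    gate = SessionGate(frozenset({"HOST0001", "FRND0002"}), fake_authenticate)
    results = [
        gate.admit("FRND0002", "made-up-ticket"),  # knows an ID, has no ticket
        gate.admit("FRND0002", "ticket-other"),    # own ticket, someone else's ID
        gate.admit("OTHR0003", "ticket-other"),    # logged in, but not invited
        gate.admit("HOST0001", "ticket-host"),
        gate.admit("FRND0002", "ticket-friend"),
        gate.admit("FRND0002", "ticket-friend"),   # second connection, same player
    ]
    return results, gate.ready()

if __name__ == "__main__":
    print(demo())
```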
