Microsoft Azure PlayFab logo
    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Add-ons
    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA
  • Runs on PlayFab
  • Pricing
    • Blog
    • Forums
    • Contact us
  • Sign up
  • Sign in
  • Ask a question
  • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges
  • Home /
  • General Discussion /
avatar image
Question by Sebastian Kranzinger · Jun 10, 2020 at 10:09 AM · Authenticationlimitspricingphoton

Does not authenticating Photon with PlayFab pose a security risk?

Hi,

I just read that the GetPhotonAuthenticationToken request, which is called on every login, causes the Content&Configuration Reads meter to increment.

Because on my own account (for development only, so it may not represent the average user accurately) I have about 1000 Reads per month and the limit is at only 20k reads, the free tier of the new pricing system (Development move) will overdraw it's meter with only about 20 daily active users.

Since it's pretty much impossible for us to switch to the paid tier with only 20 active users, the only solution we found is to pretty much ditch the PlayFab authentication and just allow every user with the app token to connect to photon.

Does this pose any security risks, since anyone with our photon app id could connect to our game and join rooms, etc.? Are there any other solutions to this problem, perhaps without ditching custom authentication?

Thanks in advance!

Comment
Sebastian Kranzinger

People who like this

1 Show 0
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Brendan · Jun 11, 2020 at 02:05 AM

Since the question is really about security in the Photon service, not PlayFab, I'd have to recommend submitting the question to the ExitGames team (the makers of Photon). In general, we would recommend using the token to securely access the Photon Room.

One thing to know is that the included meters listed for Development Mode are not hard limits. They're estimated usage based on what we've seen to date. If you go over them - barring a pathological code case or bug that causes your title to make an excessive number of calls - it's not a problem, nor will you be billed.

Comment

People who like this

0 Show 0 · Share
10 |1200 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Navigation

Spaces
  • General Discussion
  • API and SDK Questions
  • Feature Requests
  • PlayStream
  • Bugs
  • Add-on Marketplace
  • LiveOps
  • Follow this Question

    Answers Answers and Comments

    4 People are following this question.

    avatar image avatar image avatar image avatar image

    Related Questions

    Server Authentication with LoginWithServerCustomId 1 Answer

    New pricing model shouldn't be released if it's not implemented... 2 Answers

    Standard Pricing and Limits 1 Answer

    Headless Photon (Fusion) Server Startup Fails PlayFab Authentication 1 Answer

    What happens if a Title in Development mode overdraws its meters? 1 Answer

    PlayFab

    • Multiplayer
    • LiveOps
    • Data & Analytics
    • Runs on PlayFab
    • Pricing

    Solutions

    • For Any Role

      • Engineer
      • Designer
      • Executive
      • Marketer
    • For Any Stage

      • Build
      • Improve
      • Grow
    • For Any Size

      • Solo
      • Indie
      • AAA

    Engineers

    • Documentation
    • Quickstarts
    • API Reference
    • SDKs
    • Usage Limits

    Resources

    • Forums
    • Contact us
    • Blog
    • Service Health
    • Terms of Service
    • Attribution

    Follow us

    • Facebook
    • Twitter
    • LinkedIn
    • YouTube
    • Sitemap
    • Contact Microsoft
    • Privacy & cookies
    • Terms of use
    • Trademarks
    • Safety & eco
    • About our ads
    • © Microsoft 2020
    • Anonymous
    • Sign in
    • Create
    • Ask a question
    • Create an article
    • Post an idea
    • Spaces
    • PlayStream
    • Feature Requests
    • Add-on Marketplace
    • Bugs
    • API and SDK Questions
    • General Discussion
    • LiveOps
    • Explore
    • Topics
    • Questions
    • Articles
    • Ideas
    • Users
    • Badges