Does not authenticating Photon with PlayFab pose a security risk?
Hi,
I just read that the GetPhotonAuthenticationToken request, which is called on every login, causes the Content&Configuration Reads meter to increment.
Because on my own account (for development only, so it may not represent the average user accurately) I have about 1000 Reads per month and the limit is at only 20k reads, the free tier of the new pricing system (Development move) will overdraw it's meter with only about 20 daily active users.
Since it's pretty much impossible for us to switch to the paid tier with only 20 active users, the only solution we found is to pretty much ditch the PlayFab authentication and just allow every user with the app token to connect to photon.
Does this pose any security risks, since anyone with our photon app id could connect to our game and join rooms, etc.? Are there any other solutions to this problem, perhaps without ditching custom authentication?
Thanks in advance!
Best Answer
Since the question is really about security in the Photon service, not PlayFab, I'd have to recommend submitting the question to the ExitGames team (the makers of Photon). In general, we would recommend using the token to securely access the Photon Room.
One thing to know is that the included meters listed for Development Mode are not hard limits. They're estimated usage based on what we've seen to date. If you go over them - barring a pathological code case or bug that causes your title to make an excessive number of calls - it's not a problem, nor will you be billed.
