Does Playfab cloud script automatically verify the user and prevent DDoS attacks ?,Does Playfab cloud script automatically verify the user
Hi. I want to use Firebase Firestore database along with their cloud functions to store and fetch data since PlayFab only has the ability to store player data.
DOES PLAYFAB HAVE A DEDICATED DATABASE WHERE I CAN STORE MONSTERS INFO ETC?
When the PlayFab SDK makes a API call to PlayFab Cloud Script, is that user automatically verified? Is it protected from basic DDoS attempts? I am thinking about having the SDK call the Cloud Script which will load the user data by fetching it in the script and sending it to my firebase cloud function to process. So PlayFab is essentially a middle man.
,
Best Answer
>> Does PlayFab have a dedicated database where I can store monsters info etc.?
How often do you modify this type of data? If the data is more like the title’sconfiguration that only is modified by the administrator. You can consider storing it using PlayFab Title Data. If the data fetching is more like the global variable that can be triggered by players’ behaviors. The external data storage service is required.
PlayFab doesn’t provide such a dedicated database that can be used to store the info. Title developers can only access the PlayFab API methods to operate the data. However, we have integrated Azure functions with Cloud Script. PlayFab CloudScript using Azure Functions gives developers the ability to leverage any number of Azure features such as CosmosDB. You can use this API ExecuteFunction to access the Azure Functions safely.
>> When the PlayFab SDK makes a API call to PlayFab Cloud Script, is that user automatically verified? Is it protected from basic DDoS attempts?
When clients call the API ExecuteCloudScript to execute a CloudScript function, PlayFab would verify the player’s Session Ticket that in the request header. If you call the ExecuteFunction, PlayFab would verify the Entity Token. If you use PlayFab SDK, SDK would cache the Session Ticket and Entity Token when players are logged in. The API calls that don’t provide the authenticated credentials would get the “Unauthorized” error. It can prevent some basic DDoS attempts. Basically, there are multiple protections against DDoS-type behaviors, including the existing AWS protections. But we would still suggest title developers validate all info passed to the CloudScript to avoid possible safety issues and waste of resources.
Thank you for your help. So I want to store monster data which include imageLink, hp, attack, etc...So it looks like I'll need an external database...I think I'll use azure. I think playfab cloud script uses https ? so my azure functions can remain as HTTP because it only communicates with playfab's cloud right?
Besides monster data, I think PlayFab has everything else I need. I'll just store monsterID on PlayFab and fetch the data by using the ID (I hope PlayFab shop has a verification method to validate the monsterID so user can't just sneak in a powerful monsteriD and get it).
Does PlayFab have auction house features?
>> I think playfab cloud script uses https ? so my azure functions can remain as HTTP because it only communicates with playfab's cloud right?
I'm not very sure what you main. The azure functions can request external URI too, and it supports https.
>> Does PlayFab have auction house features?
There are no such features on PlayFab.
@Sarah Zhang
What is the difference between:
https://docs.microsoft.com/en-us/rest/api/playfab/cloudscript/server-side-cloud-script/executeentitycloudscript?view=playfab-rest
and
Just the verification of the Entity Token?
ExecuteFucntion applies to Azure Functions. ExecuteEntityCloudScript applies to Cloud Script. ExecuteCloudScript invokes the CloudScript function without verifying the EntityToken. All in all, ExecuteFucntion and ExecuteEntityCloudScript would both verify the entity token and pass the player's entity in the context. ExecuteCloudScript won't pass it.
If you have other questions about PlayFab, welcome to post the new thread to ask them.
