I'm not actually using that field, but I'd like to prevent malicious clients from potentially writing to their accounts in anyway.
I'm not actually using that field, but I'd like to prevent malicious clients from potentially writing to their accounts in anyway.
Player Data is used to store information that doesn't affect gaming fairness, for example, personalize data like signature, clothing settings, etc. It is reasonable to keep this feature for players.
However, if you want to disable it, you can edit the client API permissions to deny the access of players. Please refer to the document on API Access Policy - PlayFab | Microsoft Docs.
You may call Authentication - Get Policy - REST API (PlayFab Admin) | Microsoft Docs and Authentication - Update Policy - REST API (PlayFab Admin) | Microsoft Docs to review and modify the policy. Please be very careful when updating and make sure OverwritePolicy property in the request is set properly (set it true only when necessary).
Is there any concern about a user potentially spamming the API with bogus data? I'm currently in the process of trying to make my game "hack proof"
PlayFab has an upper bound limit of 100 API calls per 2 minutes per IP address. Exceeding limit will result in API throttling. In addition, the API frequency usually is determined by your design, when malicious behavior is detected, you may simply ban the player or IP address.
4 People are following this question.