I'm setting up a project using an Unreal Engine dedicated server. Currently, players log in on their local client with a PlayFab or other ID, and can connect to the dedicated server when they receive its connection details. However, anyone with the IP and port can connect to that server. The next step in my understanding is to authenticate the connecting player's session ticket to ensure they're logged in and associated with their PlayFab ID.
From my reading, it seems that the accepted way to do this is to send the session ticket from the client to the server with a UE4 method. However, UE4's networking by default doesn't have any form of encryption or anything. Wouldn't it be possible for someone using Wireshark or some other tool to see the session ticket, and then use it for nefarious purposes?
I understand that the HTTPS API requests to PlayFab use SSL, so those are safe, but I'm asking specifically about sending the ticket to the dedicated server OnLogin for the server to authenticate it with a client-to-server RPC.
1. Is this really the expected process for authenticating players on the dedicated server or am I misunderstanding something?
2. Would it be worthwhile for me to investigate setting up some way of encrypting that one very sensitive RPC, using a public/private key or something?