I have a program that will allow multiple users to log in and adjust information viewed by all users. It is hosted by one user being the Server and all others being the clients. I have made all of my Rpc calls with NetworkedMultiplayerEnet. It all works fine; however, I am concerned about security. People will be able to log in from anywhere, they simply need to be given the port and the password.
Just by having a port open through port forwarding, will this allow a hacker to access all data on my computer or mobile device (depending on which device they log in with)? Would this be the same as an open unsecure connection?
I need some help making this simple program secure. Any help would be appreciated.

First, what does a login actually allow a client to do? If you do not provide any ability to access your files, then the danger is limited. If data sent cannot be interpreted as a script (or db call) then a server's or client's risk is low.

Regarding port forwarding, here are a couple of links:
https://www.purevpn.com/port-forwarding/is-portforwarding-safe
https://superuser.com/questions/561140/how-safe-is-port-forwarding-in-general

I think the best thing to do is look up how to establish safe port forwarding for your OS as a start.

If the information sent over the wire is sensitive, you should encrypt it by using DTLS. (The feature is available in 3.2.2 and later.)

It is tricky because I want it to be seamless for the user. I was thinking about using the UPNP in Godot to open the port so the user wouldn't have to manually do so. I don't know if that is a good idea or not. The data being sent is not sensitive, it is just character info. Do you think this will be safe?

@Calinou, I was reading a little on DTLS. My program uses eNet and connects users peer to peer with no external server. The extra encryption sounds nice but I don't know if I can use it. 1) Does this need to have a dedicated server? 2) Can I create my own certificate?

1) Does this need to have a dedicated server?

No, as any client can host a server too.

2) Can I create my own certificate?

I think there's an option to create a self-signed certificate. You can do this when creating a server, and make clients trust any server they connect to by disabling certificate verification on the client. By doing so, you lose the "authentication" part of TLS, so beware! Nonetheless, the data is still encrypted over the wire.

So if I create a self-signed certificate I would need to disable verification because a new one would be created each time and the client wouldn't have access to it beforehand? Am I understanding that correctly?

@ondesic said: So if I create a self-signed certificate I would need to disable verification because a new one would be created each time and the client wouldn't have access to it beforehand? Am I understanding that correctly?

Yes. You can't verify the certificate identity if it's self-signed, as you essentially have to trust whoever signed the certificate (there is no central authority).

@Calinou said "By doing so, you lose the "authentication" part of TLS, so beware!" What are the risks of this? Are they serious?

@ondesic said: @Calinou said "By doing so, you lose the "authentication" part of TLS, so beware!" What are the risks of this? Are they serious?

It means you can no longer be sure whether the server is really the "real" one, or whether it's being spoofed by a malicious entity. Whether this is a real problem or not depends on your threat model. For example, if you store user credentials on individual game servers, this is a big deal because a spoofed server could log those to the malicious administrator's console :)

Is there a way to create and include the certificate and the CryptoKey files in the final app, then access them both on running the app?

Is there a way to create and include the certificate and the CryptoKey files in the final app, then access them both on running the app?

You need to create those keys at run-time and store them in user://, since they should be different for every server.
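
The setup described in the replies above, as an added example that is not part of the original thread: a Godot 3.2.2+ host creates its own key and self-signed certificate at run-time, keeps them in user://, and serves ENet over DTLS, while the client connects with certificate verification disabled. The file paths, port, client limit, certificate subject and function names are assumptions made for this example.

```gdscript
extends Node

# Hypothetical values chosen for this example.
const KEY_PATH := "user://server.key"
const CERT_PATH := "user://server.crt"
const PORT := 7777
const MAX_CLIENTS := 8

# Load this host's key and certificate from user://, creating them on first run
# so that every host ends up with its own pair.
func load_or_create_credentials() -> Array:
	var key := CryptoKey.new()
	var cert := X509Certificate.new()
	var file := File.new()
	if file.file_exists(KEY_PATH) and file.file_exists(CERT_PATH):
		if key.load(KEY_PATH) == OK and cert.load(CERT_PATH) == OK:
			return [key, cert]
	var crypto := Crypto.new()
	key = crypto.generate_rsa(2048)
	cert = crypto.generate_self_signed_certificate(key, "CN=godot-host,O=example,C=US")
	key.save(KEY_PATH)
	cert.save(CERT_PATH)
	return [key, cert]

# Host side: the DTLS key and certificate must be set before create_server().
func host_game() -> int:
	var creds := load_or_create_credentials()
	var peer := NetworkedMultiplayerENet.new()
	peer.use_dtls = true
	peer.set_dtls_key(creds[0])
	peer.set_dtls_certificate(creds[1])
	var err := peer.create_server(PORT, MAX_CLIENTS)
	if err == OK:
		get_tree().network_peer = peer
	return err

# Client side: the host's self-signed certificate is unknown to the client, so
# verification is turned off. Traffic is encrypted, but the host's identity is
# not checked (the lost "authentication" part discussed in the thread).
func join_game(address: String) -> int:
	var peer := NetworkedMultiplayerENet.new()
	peer.use_dtls = true
	peer.dtls_verify = false
	var err := peer.create_client(address, PORT)
	if err == OK:
		get_tree().network_peer = peer
	return err
```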

The data being sent is not sensitive, it is just character info

If it is just data, like appearance and say its character class, the data itself doesn't look like an issue. But this is separate from security issues related to port forwarding.

If connecting involves a port+password, it seems like you are assuming each device is in the same LAN.

So this leads me to ask what do you mean by "anywhere". A port is only valid for a LAN, it isn't a global inet addy.

Securing your session means considering each step to access and the kind of observers possible:

  • How does a player get the port+password? If you are freely posting it for a 'game' session, then access to the session is open to anyone who can see the combo and will allow anyone in a LAN to login.
  • Is the data passed over the port sensitive? In this case email addresses, credit card numbers, real name, address etc can all be considered this way because identity theft is a thing.
  • Where is this LAN? Home? Internet Cafe? The latter for example should never be considered 'trusted'.

Thank you for your response. 1) The password is sent privately to the players who want to join by the player hosting. 2) No email or purchasing is being done in the app. 3) This is the first time I have heard that a port is only for LAN. I had to open a port to allow my phone to access info on my home computer when I was away. Am I missing something?
