I have a multiplayer game in which the client version and the dedicated server are the same project, for now the server side does not handle databases but there is a possibility that we will do it in the future. And I present myself with the question that if I export to the web, would there be a security breach in how the data transmitted to peers in multiplayer is handled? Since all the code of the web can be technically seen, the solution that I may find is that the GDscript of the build is encrypted, but I don't know how much is the best solution for this case, if it were the case we would divide the code in 2 separate projects for server and client
Build for web is it safe if the multiplayer client and server code are the same project?
Encryption must be decrypted at a certain point, so you can't do anything special for contrasting the view of the code, client side. Godot uses mbedTLS for crypting the stream between computers. See: https://godotengine.org/article/basic-cryptography-ssl-improvements Basically you create a private key in the client (and server) and send the public key to the other side. In this way, every connection won't be hijacked.
10 months later
Megalomaniak added the Godot Help tag .