Build for web: is it safe if the multiplayer client and server code are the same project?

I have a multiplayer game in which the client version and the dedicated server are the same project. For now the server side does not handle databases, but there is a possibility that we will do it in the future. My question is: if I export to the web, would there be a security breach in how the data transmitted to peers in multiplayer is handled? Since all the code of the web can technically be seen, the solution that I may find is that the GDScript of the build is encrypted, but I don't know whether that is the best solution for this case. If it were the case, we would divide the code into 2 separate projects for server and client.

Encryption must be decrypted at a certain point, so you can't do anything special to counter the viewing of the code, client side. Godot uses mbedTLS for encrypting the stream between computers. See: https://godotengine.org/article/basic-cryptography-ssl-improvements Basically, you create a private key in the client (and server) and send the public key to the other side. In this way, no connection will be hijacked.
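An added example, not part of the posts above: the server-side half of the key setup the reply describes, using the `Crypto`, `CryptoKey` and `X509Certificate` classes from the linked article. The file paths, the certificate subject and the function name `ensure_server_credentials` are assumptions made for illustration.

```gdscript
extends Node

# Assumed locations. user:// lives on the server's disk and is never
# packed into an exported build, so the private key is not shipped.
const KEY_PATH = "user://server.key"
const CERT_PATH = "user://server.crt"

var key := CryptoKey.new()
var cert := X509Certificate.new()

# Hypothetical helper: call it only in the dedicated-server code path.
# Reuses an existing key pair so the certificate stays stable between
# restarts, and generates one on first run. Returns true when `key`
# and `cert` are ready to hand to the TLS-enabled server peer.
func ensure_server_credentials() -> bool:
	# load() returns an Error code; it fails on the first run,
	# when the files do not exist yet.
	if key.load(KEY_PATH) == OK and cert.load(CERT_PATH) == OK:
		return true

	var crypto := Crypto.new()
	# The private key is created on the server and stays there.
	key = crypto.generate_rsa(4096)
	# The certificate carries only the public key. The subject is a
	# constructed sample value.
	cert = crypto.generate_self_signed_certificate(
			key, "CN=game.example.com,O=Example Studio,C=US")

	if key.save(KEY_PATH) != OK:
		return false
	return cert.save(CERT_PATH) == OK
```

Only the certificate file is distributed to native clients that should trust this server. In HTML5 exports the browser performs the TLS validation and a custom trusted certificate is not supported, so browser clients need a server certificate the browser already trusts.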
