Hi Francesco,
I have a question in mind. It might seem a bit type of a noobs question to you. I am normally using the https protocol for my applications in Java. But with Combu we have (happily) AES encryption. Does that mean I don't have to use ssl protocol? I will be configuring the server to redirect the request towards 443 port. With the builtin AES encryption of messages is that unnecessary.. I am not a security or cryptography expert. Please accept my excuses if the question or topic is irrelevant.
And one more question I don't want to keep the server and database authentication details simply text in the code... Is there a workaround on that issue..Maybe relevant to the topic do you have an experience on obfuscation? Encryption of the authentication details for the build release.??
Wish you the best
Fau
Using a valid SSL certificate is ever a very good practice if you can afford, as far as I know it will be almost required for public websites in the near future years as there's also the possibility to use some free service like letsencrypt.org (for example the Combu update repository and webservice endpoint is hosted on my server where I installed a certificate issued for free through letsencrypt's script and it requires only to renew it each 3 months I think, anyway just matter of executing a line command on server's shell).
The built-in RSA+AES encryption gives you an extra layer of security so a malicious user cannot understand what's in the outgoing request (if you enable Log Debug in inspector you'll see the outgoing URL after first initialization are like server.php?token=XYZ...&data=WASD...).
For anti-cheating there are some alternatives in Asset Store, for example Anti-Cheat Toolkit seems a good option as far as I know, I just read that it should have also an editor for ObscuredPrefs so you could use it to store your AppId and AppSecret and then in the method Awake of a script set the properties appId and appSecret of CombuManager component. You can create a script with execution order before CombuManager or just create a script inheriting from CombuManager, override Awake and call base.Awake() after setting the properties (this would be a cleaner way of coding).
using Combu;
public class MyCombuManager : CombuManager
{
protected override void Awake()
{
appId = "XYZ";
appSecret = "ASD";
base.Awake();
}
}
FRANCESCO CROCETTI @ SKARED CREATIONS
Francesco you definitely rock. Wonderful support. Extremely satisfied with the dialog going on in here...
This is my first day with Combü, yet I have been debugging whole day the demo scenes. I have observed the encrypted variables and I feel satisfied with that. As you said adding another layer of security would make me feel a bit more satisfied.
Thank you so much for the professional support.
Cheers
Fau
