Security question #6
-
|
Hello, Thank you for this excellent sample project! My goal is to have my client app connect to my asp .net core game service in PlayFab, which is deployed as a Windows Process. I use SignalR for the connection and this works great over HTTP. Switching to HTTPS makes it not work for the reasons you've mentioned. I now have a domain and will set up this reverse proxy to allow HTTPS connections between the client and the reverse proxy. The part I'm confused about is, what type of connection is going on between the reverse proxy and the service in PlayFab's VM? If it is an unsecured SignalR connection, isn't that still a significant problem? I can see how we reduced the risk by letting the client securely connect, but the connection between the reverse proxy and VM is still vulnerable. Pardon my ignorance, but is this how most games do it? I'm assuming many games need highly performant and secured connections from client all the way to the service without breaks in between. Please let me know if I'm mistaken. I appreciate the help! -Jonathan |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 3 replies
-
|
Hi Jonathan, The connection between the proxy server and PlayFab hosted VM is a standard websocket.
It's not a problem from a security standpoint, since we consider the PlayFab VM to be within a trust boundary behind the reverse proxy. An important detail in the implementation is that the client is unaware of the connection details between the reverse proxy and PlayFab VM. This is because the client passes a session ID to the reverse proxy, which is used to call RequestMultiplayerServerDetails and resolve the session's FQDN without exposing any of these details to the client. If you're concerned about the unencrypted traffic from reverse proxy to PlayFab VM, you may be able to setup a self-signed cert and select a port accepting WSS connections in your game server. This isn't recommended however, since the cost of re-encrypting traffic and maintaining these certs on the reverse proxy and game server don't seem to outweigh the benefits.
I just want to re-iterate that a reverse proxy solution is not the most ideal and is only necessary for browser clients. Our team is aware of this unfortunate limitation, and we're hoping to offer a better solution at the platform level eventually. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, Austin! I appreciate the explanation. Take care. -Jonathan |
Beta Was this translation helpful? Give feedback.
-
|
Hi Austin, I've been able to make this reverse proxy solution work. My client requests a server from Playfab and gets a session ID. The client then makes https calls using this session ID to the reverse proxy. This reverse proxy runs on my domain with a certificate in Azure. These calls get forwarded to my game server. So it all works, but after setting it up, I've realized that managing and scaling this reverse proxy is more work than I realized because it may need a load balancer. Plus, it is a single point of failure. This got me thinking about something you said in your reply: "I just want to re-iterate that a reverse proxy solution is not the most ideal and is only necessary for browser clients." I forgot to mention that my client is NOT a browser. Instead, I have a client app built with Unity for my players, and a client MAUI app built for internal testing. These two apps don't have the same restrictions as a browser which only connects via https if there is a trusted CA. Would it be a huge security hole if I simply used a self-signed certificate that the game server and client share when they are installed? Using a self-signed certificate would ensure communication between my client apps and the server are secure, but from what I understand, it's less secure than involving a 3rd party CA. Please let me know if you think this is a fair compromise and if any other game studios do it this way. I'm open to any other suggestions you have on how I can make my Unity/MAUI client's Signalr websocket secure with the game server running in playfab. I appreciate the help. |
Beta Was this translation helpful? Give feedback.
-
|
@jonathanpaullin if you don't intend to target a browser client, a self-signed certificate should be sufficient. Managing a cert for this purpose could be a bit of pain in the long run, but it definitely beats maintaining and scaling a reverse proxy. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, Austin! |
Beta Was this translation helpful? Give feedback.
Hi Jonathan,
The connection between the proxy server and PlayFab hosted VM is a standard websocket.
It's not a problem from a security standpoint, since we consider the PlayFab VM to be within a trust boundary behind the reverse proxy.
An important detail in the implementation is that the client is unaware of the connection details between the reverse proxy and PlayFab VM. This is because the client passes a session ID to the reverse proxy, which is used to call RequestMultiplayerServerDetails and resolve the session's FQDN without exposing any of these details to the client.
If you're concerned about the …