Security in Cloud

Discussion and help for Easy Save 3
Post Reply
krolldk
Posts: 25
Joined: Sun Jun 02, 2019 11:15 am

Security in Cloud

Post by krolldk »

Hey

What would be the recommendation for providing security in the cloud solution ? I understand the rationale for staying clear of authentication in EasySave, and I think that makes a bunch of sense, but the file storage right now is, unless I'm misunderstanding something, pretty open isn't it ? I mean, theres the API key which I guess provides some security. But if my code is decompiled and someone gets the API key, they can just access the DB through the phpscript directly right ?

Is that safe enough ? I'm not a security expert, so maybe this is best practise, and safe enough ?
User avatar
Joel
Moodkie Staff
Posts: 4826
Joined: Wed Nov 07, 2012 10:32 pm

Re: Security in Cloud

Post by Joel »

Hi there,

This is expected if you're not integrating a login system. For full security you would want to integrate this with the ES3Cloud.php file. However, the precise implementation really depends on the API of the login system you're integrating with.

This might require sending your own POST parameters to the ES3Cloud.php script from Unity, which can be done using the ES3Cloud.AddPOSTField() method. For example you might want to specify your own "loginUsername" and "loginPassword" parameters. Then you could add code to the top of the ES3Cloud.php file which essentially does this:
if(!Authenticate($_POST['loginUsername'], $_POST['loginPassword']))
    Error("Could not authenticate", 401);
Hope this helps.

All the best,
Joel
Joel @ Moodkie Interactive
Purchase Easy Save | Contact | Guides | Docs | Getting started
Post Reply