Implement Security Concept
Bonifatius94 commented
Implement useful Security Mechanisms
Encryption:
- implement SSL for standard payload encryption, e.g. using Let's Encrypt certificates
Authentication:
- make sure that no one else can make a draw for a given player by providing a player token for each game session
Optional Encryption:
- add triple Diffie-Hellman protocol (3DH) for end-to-end encryption on session creation; this heavy encryption overhead is reasonable because message payloads are rather small; disadvantage: the game server cannot see the draws anymore
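
An added example, not part of the original issue or the project's code: one way to enforce the per-session player token described under Authentication. The class, method and player names are hypothetical, and each token is assumed to reach its player over the encrypted channel.

```python
import hmac
import secrets


class GameSession:
    """One game session with a separate secret token per player (hypothetical model)."""

    def __init__(self, session_id, players):
        self.session_id = session_id
        self.players = list(players)
        self.turn = 0      # index into self.players of who moves next
        self.draws = []    # accepted (player, draw) pairs
        # Fresh 256-bit random token per player, valid for this session only.
        self._tokens = {p: secrets.token_urlsafe(32) for p in self.players}

    def token_for(self, player):
        """Token the server hands to this player once, on session creation."""
        return self._tokens[player]

    def submit_draw(self, player, token, draw):
        """Accept a draw only with the claimed player's token, and only on their turn."""
        expected = self._tokens.get(player)
        # Unknown player: still run a comparison against a throwaway value.
        reference = expected if expected is not None else secrets.token_urlsafe(32)
        # Constant-time comparison avoids leaking how much of the token matched.
        token_ok = hmac.compare_digest(reference.encode(), str(token).encode())
        if expected is None or not token_ok:
            return "rejected: bad token"
        if self.players[self.turn] != player:
            return "rejected: not your turn"
        self.draws.append((player, draw))
        self.turn = (self.turn + 1) % len(self.players)
        return "accepted"


def demo():
    """Constructed scenario: two players, including impersonation attempts."""
    session = GameSession("constructed-session-1", ["player-a", "player-b"])
    a, b = session.token_for("player-a"), session.token_for("player-b")
    return [
        session.submit_draw("player-a", b, "draw-1"),        # other player's token
        session.submit_draw("player-a", "guess", "draw-1"),  # guessed token
        session.submit_draw("player-b", b, "draw-1"),        # valid token, wrong turn
        session.submit_draw("player-a", a, "draw-1"),
        session.submit_draw("player-b", b, "draw-2"),
    ]


if __name__ == "__main__":
    print(demo())
```
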