From ws vs wss, which one should I use for my game?

Asked in Cyber Security on Jan 24, 2022
I know it's generally considered best practice to just always use SSL but my game has a tonne of communication back and forth between clients and server (lots of positional updates per second and I want as little delay/bandwidth/processing used as possible) so I'm wondering if it's necessary? What is the worst thing that could happen if I don't enable wss?
Answered by Neeraj Thakur

From ws vs wss, you should use the secure WebSockets protocol in your product. Given the (extremely little) information you provided about the details of your game*, only a general answer is possible to the question**: What is the worst thing that could happen if I don't enable wss? If you design and build a system disregarding common security precautions:

at best nothing will happen; then there is a whole gray area where you might either end up losing an opportunity, or have to allocate excessive resources to make up for the initial decision; at worst - there is no limit to bad things that may happen.

* It is impossible to evaluate the impact of using unencrypted communication without knowing in full detail what the game is. Particularly: How are you capitalizing on games? Are users playing against each other? Are users incentivised to cheat (either materially or in form of score tables)? The information required for such an analysis should also include future development of the game, for example what to do if it catches on and you change the model from free and decide to capitalize in future.

** An audit of all possible dangers for using unencrypted communication in a product must take into account so many factors that it would quickly exceed the costs of implementing proper encryption techniques.




Answer (1)

wss isn’t just about secrets; without it, anyone on the same network can tamper with packets, inject moves, steal session tokens, or downgrade players into desyncs, and anti-cheat gets way harder. if you’re worried about latency, tls overhead is usually tiny compared to your tick rate and payload size, and you can still keep messages compact. i learned this the annoying way when testing on public wifi while a teammate had https://bestaviatorapp.com/rajabets-casino/ open in a tab and my ws traffic got messed with through a captive portal. another time a “free wifi” page redirected me mid-session right after i clicked https://plinkogamesonline.org/casino/7star-casino/ and the connection just broke. i’d rather pay the small cpu cost than deal with that, and i also don’t want anyone sniffing auth if a player logs in after visiting https://indianaviatrix.com/22bet-casino/ during a break.

3 Months
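To put numbers on the bandwidth concern in the question and the overhead remark in the answer above, this added example (not part of the original thread) computes the per-message wire cost of a game update over ws:// and wss://. It assumes TLS 1.3 with a 16-byte AEAD tag, one WebSocket frame per TLS record, and IPv4/TCP headers without options; the function names and sample workloads are constructed for illustration.

```javascript
// Added example: per-message wire cost of a game update over ws:// vs wss://.
// Assumptions (not from the page): IPv4 + TCP without options (40 bytes),
// one WebSocket frame per update, one TLS 1.3 record per frame, no record
// padding, AEAD suite with a 16-byte tag (AES-GCM or ChaCha20-Poly1305).
// The one-time TLS handshake is not counted; it is paid once per connection.

const IP_TCP_HEADERS = 40;      // 20-byte IPv4 header + 20-byte TCP header
const TLS13_RECORD_HEADER = 5;  // content type, legacy version, length
const TLS13_INNER_TYPE = 1;     // real content type byte inside the ciphertext
const AEAD_TAG = 16;            // authentication tag (this is the tamper check)

// RFC 6455 frame header: 2 bytes, plus an extended length field for larger
// payloads, plus a 4-byte masking key on client-to-server frames.
function wsHeaderBytes(payloadLen, fromClient) {
  let n = 2;
  if (payloadLen > 65535) n += 8;
  else if (payloadLen > 125) n += 2;
  if (fromClient) n += 4;
  return n;
}

function wireCost(payloadLen, ticksPerSecond, fromClient = true) {
  const frame = wsHeaderBytes(payloadLen, fromClient) + payloadLen;
  const ws = IP_TCP_HEADERS + frame;
  const tlsExtra = TLS13_RECORD_HEADER + TLS13_INNER_TYPE + AEAD_TAG;
  return {
    wsBytesPerMsg: ws,
    wssBytesPerMsg: ws + tlsExtra,
    tlsExtraPerMsg: tlsExtra,
    extraBytesPerSecond: tlsExtra * ticksPerSecond,
    overheadPercent: Math.round((tlsExtra / ws) * 1000) / 10,
  };
}

// Constructed sample workloads: a 32-byte position update at 20 Hz and 60 Hz,
// and a 512-byte state snapshot at 20 Hz.
for (const [len, hz] of [[32, 20], [32, 60], [512, 20]]) {
  console.log(`${len} B @ ${hz} Hz`, wireCost(len, hz));
}
```

The TLS cost is a fixed 22 bytes per record under these assumptions, so batching several updates into one frame per tick reduces it proportionally.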
