From ws vs wss, which one should I use for my game?

565 Asked by in Cyber Security , Asked on Jan 24, 2022

I know it's generally considered best practice to just always use SSL but my game has a tonne of communication back and forth between clients and server (lots of positional updates per second and I want as little delay/bandwidth/processing used as possible) so I'm wondering if it's necessary? What is the worst thing that could happen if I don't enable wss?

Answered by Neeraj Thakur

From ws vs wss, you should use the secure WebSockets protocol in your product. Given (extremely little) information you provided about the details of your game*. Only general answer is possible to the question**: What is the worst thing that could happen if I don't enable wss? If you design and build a system disregarding common security precautions:

at best nothing will happen; then there is a whole gray area where you might either end up losing an opportunity, or have to allocate excessive resources to make up for the initial decision; at worst - there is no limit to bad things that may happen.

* It is impossible to evaluate the impact of using unencrypted communication without knowing in full detail what the game is. Particularly: How are you capitalizing on games? Are users playing against each other? Are users incentivised to cheat (either materially or in form of score tables)? The information required for such an analysis should also include future development of the game, for example what to do if it catches on and you change the model from free and decide to capitalize in future. ** An audit of all possible dangers for using unencrypted communication in a product must take into account so many factors that it would quickly exceed the costs of implementing proper encryption techniques.

From ws vs wss, which one should I use for my game?

Your Answer