I want to create the option to download the daily challenge level from internet in one of my games, specifically from my official site’s server, so I would like to implement a secure security option to make that https request. What options do you recommend?
I would probably make a minimal LAMP stack where the app connects to a single PHP file that requests the file. The PHP file then checks for the latest file from a database and sends it back to the app. For extra security, you can (and should) store the level files/data to a location on the server that isn’t accessible from the outside, i.e. you need the PHP file to get the file.
You’d want your basic protections, like using input validation and prepared statements to prevent SQL injections and to make sure to only allow the PHP script to only make the desired database calls.
You can then add some basic password authentication to the file as well, i.e. check for a password from the app before allowing the code to execute further, but don’t go overboard. Unless you’re using user specific passwords, a game specific password won’t add much in the sense of security.
From the app side, there’s not much more than always making POST requests via HTTPS, and also validating the incoming level files/data.
1 Like