First I want to say kudos for this great feature! It has improved my workflow a lot. I was wondering though, how my app is protected if I use the Live Server on a public network. Is the communication encrypted or is there a chance that someone can steal my game?
I’ll see about getting an official answer, but I don’t think you have to worry too much about that even if we are transmitting the code in the clear. Only files you update get sent and it would take a patient, persistent hacker who’s goal is to steal your app to try and assemble your game from scattered packets flowing across an open WiFi. You are not likely going to be syncing your art and audio, nor are you likely to edit every file in your project in a single sitting.
Most sniffers are watching for usernames and passwords and you’re probably more at risk of having your computer compromised and having you app stolen that way than from trying to put it together through packet sniffing. I’m not saying it’s impossible, but its pretty impractical.
Rob
Traffic between Corona Live Server and Corona Live build is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a strong cipher (AES_128_GCM).
This is practically as close to 100% guarantee that your project files can not be obtained by sniffing WiFi as it gets.
However, to even better protect yourself from from any kind of attacks:
-
Never share your .CoronaLiveBuild file (especially “key” value from it)
-
Set up static ip and port in config file
Thanks, Rob and vlads! This is exactly what I wanted to hear
Again, kudos for this great feature!
Daily build 2016.2993 contains some security improvements additionally to other stuff. Give it a try!
I’ll check it out. Thank you!
By the way, I recommend using latest daily build. I believe that 2993 got some minor security improvements.
I’ll see about getting an official answer, but I don’t think you have to worry too much about that even if we are transmitting the code in the clear. Only files you update get sent and it would take a patient, persistent hacker who’s goal is to steal your app to try and assemble your game from scattered packets flowing across an open WiFi. You are not likely going to be syncing your art and audio, nor are you likely to edit every file in your project in a single sitting.
Most sniffers are watching for usernames and passwords and you’re probably more at risk of having your computer compromised and having you app stolen that way than from trying to put it together through packet sniffing. I’m not saying it’s impossible, but its pretty impractical.
Rob
Traffic between Corona Live Server and Corona Live build is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA), and a strong cipher (AES_128_GCM).
This is practically as close to 100% guarantee that your project files can not be obtained by sniffing WiFi as it gets.
However, to even better protect yourself from from any kind of attacks:
-
Never share your .CoronaLiveBuild file (especially “key” value from it)
-
Set up static ip and port in config file
Thanks, Rob and vlads! This is exactly what I wanted to hear
Again, kudos for this great feature!
Daily build 2016.2993 contains some security improvements additionally to other stuff. Give it a try!
I’ll check it out. Thank you!
By the way, I recommend using latest daily build. I believe that 2993 got some minor security improvements.