UE4 on Gaemelift: What are the best practices for securing and separating server only code from client - Updating Databases etc?

Question

What is the best practice for securing and separating a UE4 server's ability—hosted via Gamelift—to update databases and perform other tasks that ***only*** the server should see and have access to?

The methods we have come up with are:

1) With an Auth Token to an internal API: utilize Pre-processor directives so that these functions and tokens are never even shipped with the client. (The downside to this is that most of our team is allergic to formal code, so we are not sure how UE4 handles segregated, pre-processor directives that are Blueprint callable functions. Will this cause problems if the Blueprint UFunction ends up being removed on the client?)

2) Same as 1, but have the servers make a GET request on startup to receive dynamically generated and cycled auth tokens.

What method should we be pursuing to secure our UE4 server's ability to modify databases etc?

Answer

Hey - sorry for the delay! GameLift usually doesn't recommend managing auth through the game server or client. Does your game have a corresponding back end service that can handle this for you?

Some docs on the topic:
https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-architecture.html
https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift_quickstart_customservers_designbackend.html

UE4 on Gaemelift: What are the best practices for securing and separating server only code from client - Updating Databases etc?

관련 콘텐츠