By using AWS re:Post, you agree to the Terms of Use

UE4 on Gaemelift: What are the best practices for securing and separating server only code from client - Updating Databases etc?


What is the best practice for securing and separating a UE4 server's ability—hosted via Gamelift—to update databases and perform other tasks that only the server should see and have access to?

The methods we have come up with are:

  1. With an Auth Token to an internal API: utilize Pre-processor directives so that these functions and tokens are never even shipped with the client. (The downside to this is that most of our team is allergic to formal code, so we are not sure how UE4 handles segregated, pre-processor directives that are Blueprint callable functions. Will this cause problems if the Blueprint UFunction ends up being removed on the client?)

  2. Same as 1, but have the servers make a GET request on startup to receive dynamically generated and cycled auth tokens.

What method should we be pursuing to secure our UE4 server's ability to modify databases etc?

1 Answer

Hey - sorry for the delay! GameLift usually doesn't recommend managing auth through the game server or client. Does your game have a corresponding back end service that can handle this for you?

Some docs on the topic:

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions