I am currently developing a game for mobile phones using the Unity Engine. We are using Google App Engine Datastore to save the game state(login info, player assets, etc). We provide the information to the Datastore by integrating the required information in a HTML form using Unity’s WWWForm class.
Now, I just want to know if that is a secure way to exchange sensitive game data between the mobile device and the server. And tried looking up forms to see if they provided a basic encryption, but I couldn’t really find any info. If the data is exposed by default, is there a way to easily encrypt/secure it through Unity ? Through some other mean ? I simply do not want malicious users intercepting important data or supplying their own instructions to break the game state.
Dont know if its secure by default, I would assume not. However, its easy to secure use TLS/SSL/https to sned the data.
Enabled SSL on your server, get or generate a certificate, and then change the address the form posts to to be an https address.
This secures the data while its being transmitted. Once it gets to the server it is decrypted.