Skip to main content

On Sale: GamesAssetsToolsTabletopComics
Indie game storeFree gamesFun gamesHorror games
Game developmentAssetsComics
SalesBundles
Jobs
TagsGame Engines

I agree with this. The threat you are facing is pretty context sensitive. Worst case here is that someone spams your Highscore with bogus data.

Is it annoying? Sure. Does it reduce the enjoyment of your game? Probably not much. Is there a threat to your players or their personal/sensitive data? Definitely not.

So worst case scenario is annoyance. Do you want it from a product you paid for? Probably not. Can you forgive it in a 48h jam game, especially if caused by a third party being an asshole on purpose? Hopefully.

So I would leave it and fix it later if the game continues to be a project after the jam. 

I had a similar situation in my project. You could spam my lobby server with fake games and keep them in the server list if you emulate the heart beat for each one. You can even manipulate the shown player count for existing games. But why would you for a jam game? So I could either have spent a portion of my 48 hours to make the lobby more secure against dedicated assholes or spend it on my game. The server doesn't store any personal data (it doesn't store ips, only a token for the signaling server) so it can't leak any. And if someone starts spamming (again, I don't know why anyone would for a small jam game) I'll start blacklisting ips (because I can see the logs...)

We should both remember to tighten up security after the jam though.

Thank you for this explanation. I am thinking in a simmilar way. 48h ain't enough to make is super secure. Maybe it could be enough if I were some network prodigy but the truth is that this whole database is controlled with simple fetch api and I know (close to) nothing about networking.