I know we already have access to user's UUID, which, as far as I can tell, is a alphanumeric unique identifier; However, this isn't ideal for leaderboard development.
Looks to me like UserManager has a function called requestUsername ("Gets the username associated with a console "). I haven't tried it, but it's there in the docs.
Any suggestions on preventing/managing someone from spoofing a UUID over the network? I would hate for an inventive individual from trying to place themselves at the top of a leader board.
I would not depend on a UUID for anything like that.
IMHO
You need to have some sort of challenge/response mechanism in place that assigns a time-limited token of some sort to the user using your leaderboard setup. AKA, some sort of login system, that does not trust the device UUID or any other non-authenticated data as being a valid secure identifier representing anything...
I agree, I think that using the UUID straight up would be a very bad call.
But I don't think it is a good idea for a gamer to have to have different log in credentials for the various game servers that will be setup down the road.
But I don't think it is a good idea for a gamer to have to have different log in credentials for the various game servers that will be setup down the road.
At the moment this is the only way to do things. I don't think gamers will care that much as long as they don't have to re-enter their credentials every single time they play (some kind of 'remember me' option). Or at least I won't.
You didn't remember the plot of the Doctor Who movie because there was none; Just a bunch of plot holes strung together.
Comments
IMHO
You need to have some sort of challenge/response mechanism in place that assigns a time-limited token of some sort to the user using your leaderboard setup. AKA, some sort of login system, that does not trust the device UUID or any other non-authenticated data as being a valid secure identifier representing anything...