I'm in the process of creating a game overlay distributed application with C# that needs to send data to a GAE server and gets a data update as response.
I used Gaelyk for a simple GET Groovlet but I wonder about how to secure the data delivery to my service. At the moment (local server) I just do GET calls with parametes. For successful processing I simply check that all parameters have been submitted with the call.
But as soon as I'm out in the wild this is no option. Problem is that Hackers although it's a niche application will have a strong interest in getting the response data as this can have a big impact on the game itself, e.g. gives a huge advantage for the hackers.
As GAE doesn't have a SSL option afaik, I thought of doing somehting like this:
Is this a legit way to secure my service? Are there better alternatives? And how to start on C# and Gaelyk/Groovy with asymetric encryption?
PS: I needed to go with C# because of some requirements with memory reading and I needed to use GAE because it's free for personal usage and I don't expect big traffic. I used Gaelyk because of the simplifed Servlet/Datastore handling.
Edit: I just saw Security on Google App Engine(Java) - Servlet SSL? about using SSL for free is possible. So my questions should rather be
Is this enough for secure communication? Can I use this from within my c# application without hassly for the user?
Yes, it should be sufficient. You can enforce it using the <security-constraint>
as described in the deployment descriptor configuration.