Post by abarcendo24 on Jan 3, 2022 5:02:14 GMT
I'm wondering if anyone, including the AnkuLua team would have any suggestions on how to go about using a different licensing server than AnkuLua's. The reason I have to use a custom licensing server is because I developed a script for a game that AnkuLua told me they cannot provide licensing services for. According to them, it is the only game they cannot provide this service for. I assume it has to do with the company who made the game issuing some sort of a cease and desist message to them.
Regardless, that leaves me with having to find my own licensing solution which I was fine with and capable of until I realized that all network requests other than AnkuLua's internal licensing requests are displayed to the user in full form, exposing sensitive API key/token information that should be hidden from the user. A lot of the posts in this forum have AnkuLua admins responding with 'Security is the #1 priority' but, security should go both ways. I understand the reasons for notifying the users of data being sent over the network, however there should also be a consideration for the developer of the script needing some security accommodations as well.
Exposing all network request URL's as well as all POST parameter data defeats the purpose of using security credentials at all when calling an API.
AnkuLua's network related functions are already very limited. There is no ability to add/remove/edit header information for the requests and very little control on the ability to format the request data.
What options do I have to conceal sensitive data given that I am forced to used an outside licensing service?
Side Note: I have built a custom API endpoint with a simple database of license information paired with a little bit of the user's device information. I am able to structure the license API in different ways as it's just a simple NodeJS server. Given that information, what recommendations does anyone have as to the best approach to achieving an acceptable and safe solution?
Thanks in advance.
Regardless, that leaves me with having to find my own licensing solution which I was fine with and capable of until I realized that all network requests other than AnkuLua's internal licensing requests are displayed to the user in full form, exposing sensitive API key/token information that should be hidden from the user. A lot of the posts in this forum have AnkuLua admins responding with 'Security is the #1 priority' but, security should go both ways. I understand the reasons for notifying the users of data being sent over the network, however there should also be a consideration for the developer of the script needing some security accommodations as well.
Exposing all network request URL's as well as all POST parameter data defeats the purpose of using security credentials at all when calling an API.
AnkuLua's network related functions are already very limited. There is no ability to add/remove/edit header information for the requests and very little control on the ability to format the request data.
What options do I have to conceal sensitive data given that I am forced to used an outside licensing service?
Side Note: I have built a custom API endpoint with a simple database of license information paired with a little bit of the user's device information. I am able to structure the license API in different ways as it's just a simple NodeJS server. Given that information, what recommendations does anyone have as to the best approach to achieving an acceptable and safe solution?
Thanks in advance.