blocks|key|3278849|text|这听起来像是一个优化问题。如果您有您认为有价值的信息，请从SSL开始(一种相对容易试用的安全解决方案)。一旦你有了工作，就对系统进行基准测试。如果您觉得性能影响值得花时间尝试和优化，那么就这么做吧。如果没有，你就完了！|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3278850|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

This sounds like an optimization question. If you have information that you feel is valuable, start with SSL (a relatively easy security solution to try out). Once you have things working, benchmark the system with and without. If you feel that the performance hit is worth spending time on to try and optimize away, do that. If not, you're done!

blocks|key|4124035|text|用户是否使用用户名和密码登录？如果是这样的话，我认为它值得保护。毕竟，用户最终可能会使用他们在其他地方出于安全目的而使用的密码。我知道他们不应该，但是..。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4124036|现在假设有人在窥探您未受保护的对话。他们得到你网站的用户密码，用它登录敏感网站，然后他们就离开了……|4124037|如果你不想对信息进行加密(我确实理解获得有效证书等会有点痛苦)，那么至少有必要让用户清楚地知道他们的数据是未加密的，并强烈建议他们不要使用他们在其他地方使用的密码。|4124038|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

Are users logging in with a username and password? If so, I think it's worth protecting. After all, users may end up using a password that they use for secure purposes elsewhere. I know they shouldn't, but...

Now suppose someone's snooping on your unprotected conversation. They get the user's password for your site, use it to log into the sensitive site, and they're off...

If you don't want to encrypt the information (and I do understand it's a bit of a pain getting hold of a valid certificate etc) then it's worth at least making it very clear to users that their data is unencrypted, and emphatically urge them not to use a password they use elsewhere.

blocks|key|4124216|text|如果你担心你的客户会窃取你的数据传输，ssl不会给你带来任何好处。它的通道安全性，如果他们拥有客户端，那么在中间设置一个人，让他们可以查看未加密的传输是相对简单的。如果您担心用户入侵其他用户的数据传输，那么ssl是一种很好的、相对简单的安全措施。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4124217|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

If your worried about your clients hacking your data transmission ssl buys you nothing. Its channel security and if they own the client its relatively trivial to setup a man in the middle session where they can view your transmission unencrypted.
If your worried about users hacking others users data transmissions then ssl is a good and relatively simple security measure.

blocks|key|57789|text|应该使用SSL，因为您不知道将来会发生什么漏洞或问题。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|57790|机密性只是考虑你是否需要SSL的一种方式，如果你正在传输任何个人数据，那么我希望它得到保护。在某些国家/地区，您不使用SSL可能违反了数据保护法。|57791|还有其他方法可以保护您传输的数据，例如在传输之前使用PGP密钥加密有效负载，然后在服务器上解密。|57792|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

SSL should be used since you don't know what exploits or problems will occur in the future.

Confidentiality is only one way of considering whether you need SSL, if you are transmitting any personal data then I would want it secured. In some countries, you may be in breach of data protection laws by not using SSL.

There are other methods of protecting the data you transmit such as encrypting the payload with a PGP key before transmission and decrypting on the server.

blocks|key|3278936|text|不是的。如果玩家X不在玩家Y和服务器之间，他可以通过黑客攻击你所说的方式获得的唯一数据是服务器发送给玩家X的数据。这些数据根本不是可保护的，因为他的机器无论如何都必须能够提取这些数据。您可能只需要压缩它，而不是使用SSL:保护级别不会有太大差异。相反，只要确保你没有给玩家X发送任何他不应该有的数据。有人不太可能在游戏中使用中间人类型的攻击。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3278937|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

No. If player X is not between player Y and the server, the only data he can get by hacking the way you are talking about is data the server is sending to player X. And that data is not protectable at all, since his machine must be able to extract it anyways. You may as well just zip it rather than using SSL: the level of protection will not differ by much. Instead, just make sure you don't send player X any data that he should not have. It's unlikely for someone to use a man-in-the-middle type of attack on a game.

blocks|key|897057|text|如果这个游戏因为不安全而被认为是不公平的，我会担心除了作弊的人之外，任何人都不会对它感兴趣。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|897058|除了保护数据流之外，有没有可能减少你已经发送的内容？还是压缩它？|897059|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

If the game is known to be other than fair because it is insecure, I'd worry that it would cease to be of interest to anyone but the cheaters.

Besides securing the data stream, is it possible to pare down what you're sending already? Or compress it?

blocks|key|4124267|text|需要更多信息才能做出明智的决策，但您不必使用SSL来保护您的数据。您可以始终使用另一种算法和客户端和服务器之间的共享密钥，或者公钥/私钥。这样，您就可以更好地控制哪些位需要保护，哪些位应该保持打开状态。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4124268|一般来说，像登录这样的东西应该始终使用SSL进行加密。您可以通过SSL通道交换一组新的密钥，然后使用这些密钥切换到非SSL，以保护敏感数据。|4124269|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

More information is needed to make an intelligent decision, but you don't have to use SSL to secure your data. You could always use another algorithm and a shared secret between the client and server, or public/private keys. You would then have better control over which bits to secure and which bits to leave open.

In general things like logins should always be encrypted using SSL. You could exchange a new set of keys over the SSL channel and then switch to non-SSL using the keys to protect the sensitive data.

blocks|key|4124327|text|SSL被一些人认为是对(几乎)不存在的问题的修复。这是非常困难的实际窃听和提取未加密的信息。几乎没有人这样做。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4124328|如果你看一下从网上商店购物的案例，更有可能发生的是，他们入侵了服务器，并下载了整个交易数据库。在理想的系统中，您甚至不会将您的信用卡凭证发送给经销商，只发送信用卡公司的签名证书，声明交易已获得授权。然而，在互联网的早期，这被证明是一个难以建立的系统，但它将是更正确的解决方案。最后，他们选择了效率较低，但更容易实现的系统。|4124329|现在继续问你的问题。在您的情况下，我看不到SSL提供太多。如果有人想要设置一个程序来监视发送到网络或从网络传出的内容，仍然可以这样做，因为他们可以在数据真正加密之前放置钩子来捕获数据。如果你担心第三方，或他们的对手，嗅探电线，找出他们不应该访问的游戏信息，例如另一支球队的队友之间的聊天。嗯，我想说的是风险非常小，不值得解决。|4124330|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

SSL is considered by some to be a fix for a problem that (almost) doesn't exist. It's very hard to actually tap the wire and extract unencrypted information. Almost nobody does it. 

If you look at the case of buying from an online store, what's a lot more likely to happen, is that they hack into the server, and download the entire database of transactions. In an ideal system, you would never even send your credit card credentials to the reseller, just a signed certificate from the credit card company stating that the transaction has already been authorized. However in the early days of the internet, that proved to be too difficult a system to set up, but it would have been the more correct solution. In the end they opted for the less effective, but easier to implement system.

Now on to your question. In your case, I can't see SSL offering much. If somebody want's to set up a program to monitor what is being sent to/from the network, it can still be done, as they can just place the hooks to capture the data before it's actually encrypted. If you're worried about third parties, or opponents they are playing against, sniffing the wire to figure out information about the game they shouldn't have access to, such as chat between teammates of the other team. Well, I would say the risk there is pretty minimal, and not worth addressing.

blocks|key|897146|text|除了关于在传输过程中加密用户名和密码的说明外，SSL还以增加每个请求的开销为代价来防止Man+in+the+Middle+attacks。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|897147|问题是您必须有某种方法让客户端知道您的特定证书是有效的……或者更准确地说，它是您的游戏中唯一有效的。|897148|这也带来了一个问题，即在旧证书过期后，当新证书替换旧证书时，如何告诉游戏。|897149|不过，说真的，除非这是某种订阅游戏，否则SSL可能是矫枉过正。|897150|entityMap|0|LINK|mutability|MUTABLE|url|http://en.wikipedia.org/wiki/Man-in-the-middle_attack^0|17|P|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|R|8|@]|9|@$A|S|B|T|1|U]]|C|$]]|$1|D|3|E|5|6|7|V|8|@]|9|@]|C|$]]|$1|F|3|G|5|6|7|W|8|@]|9|@]|C|$]]|$1|H|3|I|5|6|7|X|8|@]|9|@]|C|$]]|$1|J|3|-4|5|6|7|Y|8|@]|9|@]|C|$]]]|K|$L|$5|M|N|O|C|$P|Q]]]]

In addition to the notes about about encrypting usernames and passwords during transmission, SSL also prevents <a href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack" rel="nofollow noreferrer">Man in the Middle attacks</a> at the expense of adding overhead to every request.

The catch is that you must have some way of letting the client know that your particular certificate is valid... or more precisely, that it's the only valid one for your game.

Which also brings up the problem of how you tell the game when a new certificate replaces the old one after the old one expires.

Seriously, though, unless this is a subscription game of some sort, SSL is probably overkill.

I'm wondering if I should add an SSL layer between my server and client. I'm not handling any confidential data, but there is a very small chance someone might want to hack transmissions in order to gain intelligence (this is a game by the way). Now the amounts of data to be processed are considerable when compared to a small website and although the added security might be nice the most likely hackers would be users themselves, so I feel SSL would be a waste of time, but would like to hear about others experiences.

Thanks

Is SSL really worth it?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

我想知道是否应该在我的服务器和客户端之间添加一个SSL层。我没有处理任何机密数据，但有人为了获取情报(顺便说一句，这是一场游戏)想要破解传输的可能性很小。现在，与小型网站相比，要处理的数据量是相当大的，虽然增加的安全性可能很好，但最有可能的黑客是用户自己，所以我觉得SSL是浪费时间，但我想听听其他人的经验。谢谢

问SSL真的值得吗？
EN

回答 9

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问SSL真的值得吗？EN

回答 9

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问SSL真的值得吗？
EN