We are building an app where it should be possible to let a lot of people (thousand+) in to play a game for a short amount of time. Some of the data exposed in the game is sensitive data that should only be possible to read for players of that game. The number of people is many times higher than what the user quota is so it is not viable to “just upgrade”. I´m looking for some ideas or best practise to solve this with an acceptable risk.
Option 1 - Unauthenticated app. Create temporal objects from the sensitive objects when the game starts and use a cleanup service to remove everything afterwards after collecting the “game data”. This will reduce the possible time frame an attack can happen to a minimum. Our idea is to use data silos to ensure that data can only be read by authenticated users, but if no user is authenticated we lose this possibility. (I assume “Filtered security” will not aid in this matter?)
Option 2 - Authenticated app. For each game, create a “Game user” that we log everyone for that game into, if they have an authentication link with a guid (+ a perhaps a pass code sent by a service to mail/SMS). We do have auth0 set up, so we could pipe everyone through there as well to further reduce the risk, but I assume as long as you have the link you have the access, so the risk is about the same. If we were to use auth0 in an authenticated app we will still have the problem with the user limitation. What is the maximum number of sessions for a user? If this is a low number this option will not work anyway.
Grateful for any other options or suggestions/thougts.
Regards,
Johan