We are working on a game with millions of clients communicating with our servers. These games are for the most part turn-based. I am aware that UDP offers some performance advantages over TCP, but I'm wondering if one protocol enjoys a security advantage over the other? I've read some sites indicating that TCP will generally be safer, but I've seen a significant number of attacks that exploit weaknesses in TCP.
Our code is pretty tolerant of unreliable connections and lost/out-of-order data, which is why I thought of UDP. Thank you!
The big security problem with UDP is that you are susceptible to spoofing and DOS attacks. It's not possible to spoof an address across the internet using TCP since the handshake will never complete. OTOH with UDP there is no implicit handshake - any session maintenance must be done by your code (processing overhead).
I am aware that UDP offers some performance advantages over TCP
Only across a LAN - part of the reason is the decreased latency of not having to carry out a handshake - but the big difference is that it bypasses congestion control mechanisms. That's not an issue for data across a LAN where the packet loss will be very low - but if you want to send data across the internet you're going to have to implement bandwidth throttling, error recovery and congestion control in your application (more processing overhead). While you can handle some types of packet loss via forward error control, this won't help with an overloaded router. All that stuff which slows down UDP is there for a reason.
If your dataflows are not more than, say 2 MSS in any direction followed by an acknowledgement from the remote end, then go for it - but if you want to move a lot of data quickly use TCP (or a station wagon).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With