Security

security is of critical importantance for both traditional video games and the emerging crypto games space as projects become larger they become increasingly desireable targets for bad actors larger projects are more complex, have more 'attack surfaces' and more potential vulnerabilities we are developing our security in stages early efforts have begun and will continue to be an ongoing focus we will make the highest efforts to ensure data integrity and privacy protections for both the development environment, our partners and our players current efforts client/server communications uses https/wss secure connections asylum lab inc has valid ssl certs plaintext passwords are never sent over the wire passwords are sha256 encrypted and salted communication between game client app and server uses tokens so that even if the game client is compromised, at worst only the game’s credentials are stolen but the user’s password is not exposed users often use the same user name/password for multiple apps, so it’s important to expose a user’s password as little as possible passwords are not stored in the client app only the token is passwords are never stored in database as plaintext server stores sha256 encrypted and salted passwords users are anonymized on database servers to protect privacy servers are deployed in the cloud, in private vpns that protect internal traffic from being spied on database servers are not exposed directly to the outside world except through game server/rest api endpoints all servers use public/private key ssh rather than user name/passwords for ssh access to prevent unauthorized access all sql queries that take user input as a parameter uses prepared statements to prevent injection attacks we are on immutable x which has a custodial wallet component (imx wallet) and a non custodial wallet component (metamask, etc) asylum labs itself does not create or use any other wallets that could be compromised in an attack nfts and tokens are secured by blockchain technology game assets are stored on amazon s3/cloudfront for fast reliable access and minimal downtimes as guaranteed by amazon note as we scale, we may also use microsoft azure if appropriate for performance reasons (ie asia) in either case, game assets are highly available and deployed to edge locations for performance and redundancy future efforts we will hire a cio to manage our security, privacy and compliance teams we plan to use one of the popular systems to protect against ddos attacks; currently evaluating a few systems like www cloudflare https //www cloudflare com/ and www lumen com mysql databases will have master/replication setup for redundancy with daily backups to the cloud, retained for 30 days and also a monthly snapshot for anti gold farming and 'anti bot' protection, our system has a variety of solutions to combat this unhealthy practice we recognize these 'bot farms' can kill a game and will have multiple 'layers' of protection against these nefarious actors game servers will have bot/cheat detection to deter cheating/bot mining of play & earn currencies specific implementation details tbd anti cartel economy design coming soon we have experience w/ gdpr from previous projects and are currently in 'partial' compliance this is an ongoing effort and we will work with external partners (tbd) to manage our global compliance requirements for general smart contract audits (re occuring annually) we will be partnering with someone like https //cyrextech net/ https //cyrextech net/ or https //audit verichains io/ https //audit verichains io/ these certifications will provide the backbone of our web3 strategy for continous improvement and protection