Security

From LRREW

Keeping your RCC instance secure should be your top priority. Unsolicited SOAP requests can be used to crash games, steal games, run server-side scripts, and carry out many other malicious acts.

Securing your RCC

Firewalls

Leaving your RCC ports open to the entire internet is extremely risky, and it is why multiple revivals keep getting pwn'd. With the ports open and no firewall in place, anybody can access your RCC and execute code, create Jobs, steal games, and much more.

On Windows, you can use the Windows Defender Firewall utility (found in Control Panel -> System and Security -> Windows Defender Firewall -> Advanced Settings).

On Linux (yes, you can run RCC under WINE), you can use the ufw command to create firewall rules on your server.

Dedicating a specific port range to be allowed inbound is very helpful in securing your RCC against attackers. For example, you can dedicate ports 10000-20000 to SOAP and 53640-63640 to gameservers.

Securing your games

IP-whitelisted game fetching (preferred)

Returning a 403 when a request to fetch your games does NOT come from a gameserver IP is the preferred approach. This prevents unsolicited downloads and keeps games from leaking if the endpoint that gameservers use to fetch games is itself leaked. Even if your RCC is breached and the attacker obtains your game-fetching endpoint, they will not be able to download your games.

This is a safe method of securing your games. It is recommended.
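
One way to implement the IP check described above, as an added example that is not code from this wiki or from any revival. The addresses, the GAMES table, the /game/<id> path and port 8080 are constructed placeholders. The check uses the TCP peer address and ignores X-Forwarded-For, which the client controls.

```python
import ipaddress
from wsgiref.simple_server import make_server

# Constructed placeholders: replace with your real gameserver addresses.
GAMESERVER_NETS = [ipaddress.ip_network(n)
                   for n in ("203.0.113.10/32", "198.51.100.0/28")]
# Hypothetical stand-in for wherever place files are actually stored.
GAMES = {"1": b"constructed-place-file-bytes"}

def is_gameserver(peer_ip):
    """True only if the TCP peer address is inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # empty or malformed address: fail closed
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise them.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in GAMESERVER_NETS)

def app(environ, start_response):
    # REMOTE_ADDR is the socket peer. X-Forwarded-For is deliberately never read,
    # because any client can set it. If a reverse proxy sits in front of this
    # service, enforce the allowlist at the proxy instead.
    if not is_gameserver(environ.get("REMOTE_ADDR", "")):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Forbidden"]
    game_id = environ.get("PATH_INFO", "").rsplit("/", 1)[-1]
    data = GAMES.get(game_id)
    if data is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"Not found"]
    start_response("200 OK", [("Content-Type", "application/octet-stream")])
    return [data]

def fetch(remote_addr, path, headers=None):
    """Call the app in-process and return (status, body) for checking behaviour."""
    environ = {"REQUEST_METHOD": "GET", "REMOTE_ADDR": remote_addr, "PATH_INFO": path}
    environ.update(headers or {})
    seen = {}
    body = app(environ, lambda status, hdrs: seen.update(status=status))
    return seen["status"], b"".join(body)

if __name__ == "__main__":
    make_server("0.0.0.0", 8080, app).serve_forever()
```
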

Key-whitelisted game fetching (bad)

Using a key as a GET parameter (such as /yourgameendpoint?key=ajsdijasiodja) to secure your endpoint would work, but it is still extremely unsafe. If any rogue admin gets the key, they could download any game. After any site source leak, whoever has the source could download any game.

This is an extremely bad method of securing your games. It is not recommended.