I recently posted a thread on r/Unity3D looking for input on choice of networking stack for Unity: http://www.reddit.com/r/Unity3D/comm...people_do_for/
Here's the post:
I've been tinkering with Unity's networking support today, and while it's easy to get started and use it, it doesn't seem to lend itself to security.
They have Network.InitializeSecurity which takes care of network layer security (but it doesn't seem to authenticate the server), and their docs say 'You will need to account for this [...] at the game layer.'
Here are my gripes with using Unity's networking to do "game layer" security:
- It doesn't seem to be possible to restrict who's allowed to call Network.Instantiate/Network.Destroy. For security, you'd want only the server to be able to instantiate and destroy objects.
- RPCs always arrive with NetworkMessageInfo#sender set to -1 (if you used RPCMode.All and this is the sending machine) or 0 (every other case, indicates server). Since I can't find a way to filter RPCs on the server, this means that any connected client can call any RPC method on other clients, and the clients can't tell it's not from the server. The only solution to this involves not being able to use RPCMode.All in your code, and instead use RPCMode.Server to fake broadcast: You'd have the server relay the information with a unique magic number for each client, so that the client can ascertain that it came from the server. This also means you need to re-implement buffering (since you can't use RPCMode.AllBuffered).
Are these concerns correct - or did I miss something in my tinkering? If they are, what do you guys use for networking your multiplayer games?
As alternatives, I've seen the following thrown around:
- Photon - has semi-authoritative support, but doesn't integrate well with Unity (according to this post)
- uLink - seems to have good security and integrates well with Unity, but even the indie license is tad expensive for my hobbyist needs (EUR550)
Any others? Any input on these?