Clients can call Network.Destroy?

Discussion in 'Multiplayer Networking' started by Dulci, Jun 2, 2012.

  1. Dulci

    Dulci

    New Member

    Joined:
    Jun 2, 2012
    Messages:
    5
    Is there any way to stop clients from calling Network.Destroy? I find it nearly impossible to have decent security when a client can go around destroying objects. Any help is much appreciated.
  2. foxter888

    foxter888

    Member

    Joined:
    May 3, 2010
    Messages:
    529
    network destroy is a line that only the server should be calling
  3. Dulci

    Dulci

    New Member

    Joined:
    Jun 2, 2012
    Messages:
    5
    Yes, however, while I agree the server should be the only one able to call it, clients can still call it using Unity's networking. It would be a simple process of decompiling and recompiling the binary. So what I was trying to figure out is if there is a way to make it so clients can not call it. My understanding is there is not.
  4. cod

    cod

    Member

    Joined:
    Nov 26, 2011
    Messages:
    267
  5. Dulci

    Dulci

    New Member

    Joined:
    Jun 2, 2012
    Messages:
    5
    Yes, Cod, but that is a client sided solution, and therefor not secure. For example: Lets say I use that solution in a client such as

    if (Network.isServer)
    Network.Destroy(...)
    else return

    Or maybe I don't even include Network.Destroy in the client and I make a separate binary for the server. In either case, I can simply decompile the client, and recompile with code like:

    Network.Destroy(...)

    which will take place regardless of if the server sends it or not.
  6. George Foot

    George Foot

    New Member

    Joined:
    Feb 22, 2012
    Messages:
    399
    It does seem odd that people other than the owner of the object can destroy it. But there are plenty of other holes anyway - it would be just as easy for somebody to inject some Network.Instantiate calls, and equally damaging to the game's security.
  7. Dulci

    Dulci

    New Member

    Joined:
    Jun 2, 2012
    Messages:
    5
    Indeed, George Foot, but I think destroy is the worse. The reason being we can destroy instantiations and put in checks so they don't initialize before we've checked and made sure the server made them. It is an annoying solution to a problem that shouldn't exist, but it is a solution. With Network.Destroy, damage is done instantly and is not even fixable.