1. Help us improve the editor usability and artist workflows. Join our discussion to provide your feedback.
    Dismiss Notice
  2. Unity 5.6 is now released.
    Dismiss Notice
  3. Check out all the fixes for 5.5 in patch releases 1 & 2.
    Dismiss Notice
  4. Get further faster with the Unity Plus Accelerator Pack, free for new Unity Plus subscribers for a limited time. Click here for more details.
    Dismiss Notice
  5. Learn how you'll soon be able to publish your games to China in four simple steps with Xiaomi. Sign up now for early access.
    Dismiss Notice

Clients can call Network.Destroy?

Discussion in 'Multiplayer Networking' started by Dulci, Jun 2, 2012.

  1. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Posts:
    5
    Is there any way to stop clients from calling Network.Destroy? I find it nearly impossible to have decent security when a client can go around destroying objects. Any help is much appreciated.
     
  2. foxter888

    foxter888

    Joined:
    May 3, 2010
    Posts:
    530
    network destroy is a line that only the server should be calling
     
  3. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Posts:
    5
    Yes, however, while I agree the server should be the only one able to call it, clients can still call it using Unity's networking. It would be a simple process of decompiling and recompiling the binary. So what I was trying to figure out is if there is a way to make it so clients can not call it. My understanding is there is not.
     
  4. cod

    cod

    Joined:
    Nov 26, 2011
    Posts:
    267
  5. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Posts:
    5
    Yes, Cod, but that is a client sided solution, and therefor not secure. For example: Lets say I use that solution in a client such as

    if (Network.isServer)
    Network.Destroy(...)
    else return

    Or maybe I don't even include Network.Destroy in the client and I make a separate binary for the server. In either case, I can simply decompile the client, and recompile with code like:

    Network.Destroy(...)

    which will take place regardless of if the server sends it or not.
     
  6. George Foot

    George Foot

    Joined:
    Feb 22, 2012
    Posts:
    399
    It does seem odd that people other than the owner of the object can destroy it. But there are plenty of other holes anyway - it would be just as easy for somebody to inject some Network.Instantiate calls, and equally damaging to the game's security.
     
  7. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Posts:
    5
    Indeed, George Foot, but I think destroy is the worse. The reason being we can destroy instantiations and put in checks so they don't initialize before we've checked and made sure the server made them. It is an annoying solution to a problem that shouldn't exist, but it is a solution. With Network.Destroy, damage is done instantly and is not even fixable.