Is there any way to stop clients from calling Network.Destroy? I find it nearly impossible to have decent security when a client can go around destroying objects. Any help is much appreciated.
Yes, however, while I agree the server should be the only one able to call it, clients can still call it using Unity's networking. It would be a simple process of decompiling and recompiling the binary. So what I was trying to figure out is if there is a way to make it so clients can not call it. My understanding is there is not.
just let it destroy the network if it's the server http://unity3d.com/support/documentation/ScriptReference/Network-isServer.html, otherwise not
Yes, Cod, but that is a client sided solution, and therefor not secure. For example: Lets say I use that solution in a client such as if (Network.isServer) Network.Destroy(...) else return Or maybe I don't even include Network.Destroy in the client and I make a separate binary for the server. In either case, I can simply decompile the client, and recompile with code like: Network.Destroy(...) which will take place regardless of if the server sends it or not.
It does seem odd that people other than the owner of the object can destroy it. But there are plenty of other holes anyway - it would be just as easy for somebody to inject some Network.Instantiate calls, and equally damaging to the game's security.
Indeed, George Foot, but I think destroy is the worse. The reason being we can destroy instantiations and put in checks so they don't initialize before we've checked and made sure the server made them. It is an annoying solution to a problem that shouldn't exist, but it is a solution. With Network.Destroy, damage is done instantly and is not even fixable.