1. We've introduced thread tags, search within a thread and similar thread search. Read more here.
    Dismiss Notice
  2. We've released our first Timeline Experimental Preview, our new tool for creating cutscenes and more! To check it out click here.
    Dismiss Notice
  3. All Unity Pro perpetual license customers: your special offer to subscribe is ready! Click here.
    Dismiss Notice
  4. Unity 5.5 is now released.
    Dismiss Notice
  5. Check out all the fixes for 5.5 in patch releases 1 & 2.
    Dismiss Notice
  6. Unity 5.6 beta is now available for download.
    Dismiss Notice
  7. Get prepared for the Tizen Mobile App Incentive Program! Read more about the upcoming program here.
    Dismiss Notice
  8. Enter the Microsoft Developer Challenge for a chance to win prizes. Read more about it here.
    Dismiss Notice

Clients can call Network.Destroy?

Discussion in 'Multiplayer Networking' started by Dulci, Jun 2, 2012.

  1. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Messages:
    5
    Is there any way to stop clients from calling Network.Destroy? I find it nearly impossible to have decent security when a client can go around destroying objects. Any help is much appreciated.
     
  2. foxter888

    foxter888

    Joined:
    May 3, 2010
    Messages:
    530
    network destroy is a line that only the server should be calling
     
  3. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Messages:
    5
    Yes, however, while I agree the server should be the only one able to call it, clients can still call it using Unity's networking. It would be a simple process of decompiling and recompiling the binary. So what I was trying to figure out is if there is a way to make it so clients can not call it. My understanding is there is not.
     
  4. cod

    cod

    Joined:
    Nov 26, 2011
    Messages:
    267
  5. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Messages:
    5
    Yes, Cod, but that is a client sided solution, and therefor not secure. For example: Lets say I use that solution in a client such as

    if (Network.isServer)
    Network.Destroy(...)
    else return

    Or maybe I don't even include Network.Destroy in the client and I make a separate binary for the server. In either case, I can simply decompile the client, and recompile with code like:

    Network.Destroy(...)

    which will take place regardless of if the server sends it or not.
     
  6. George Foot

    George Foot

    Joined:
    Feb 22, 2012
    Messages:
    399
    It does seem odd that people other than the owner of the object can destroy it. But there are plenty of other holes anyway - it would be just as easy for somebody to inject some Network.Instantiate calls, and equally damaging to the game's security.
     
  7. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Messages:
    5
    Indeed, George Foot, but I think destroy is the worse. The reason being we can destroy instantiations and put in checks so they don't initialize before we've checked and made sure the server made them. It is an annoying solution to a problem that shouldn't exist, but it is a solution. With Network.Destroy, damage is done instantly and is not even fixable.