Search Unity

  1. Check out our Unite Austin 2017 YouTube playlist to catch up on what you missed. More videos coming soon.
    Dismiss Notice
  2. Unity 2017.2 is now released.
    Dismiss Notice
  3. The Unity Gear Store is here to help you look great at your next meetup, user group or conference. With all new Unity apparel, stickers and more!
    Dismiss Notice
  4. Introducing the Unity Essentials Packs! Find out more.
    Dismiss Notice
  5. Want to see the most recent patch releases? Take a peek at the patch release page.
    Dismiss Notice
  6. Unity 2017.3 beta is now available for download.
    Dismiss Notice

Clients can call Network.Destroy?

Discussion in 'Multiplayer Networking' started by Dulci, Jun 2, 2012.

  1. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Posts:
    5
    Is there any way to stop clients from calling Network.Destroy? I find it nearly impossible to have decent security when a client can go around destroying objects. Any help is much appreciated.
     
  2. foxter888

    foxter888

    Joined:
    May 3, 2010
    Posts:
    530
    network destroy is a line that only the server should be calling
     
  3. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Posts:
    5
    Yes, however, while I agree the server should be the only one able to call it, clients can still call it using Unity's networking. It would be a simple process of decompiling and recompiling the binary. So what I was trying to figure out is if there is a way to make it so clients can not call it. My understanding is there is not.
     
  4. cod

    cod

    Joined:
    Nov 26, 2011
    Posts:
    267
  5. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Posts:
    5
    Yes, Cod, but that is a client sided solution, and therefor not secure. For example: Lets say I use that solution in a client such as

    if (Network.isServer)
    Network.Destroy(...)
    else return

    Or maybe I don't even include Network.Destroy in the client and I make a separate binary for the server. In either case, I can simply decompile the client, and recompile with code like:

    Network.Destroy(...)

    which will take place regardless of if the server sends it or not.
     
  6. George Foot

    George Foot

    Joined:
    Feb 22, 2012
    Posts:
    399
    It does seem odd that people other than the owner of the object can destroy it. But there are plenty of other holes anyway - it would be just as easy for somebody to inject some Network.Instantiate calls, and equally damaging to the game's security.
     
  7. Dulci

    Dulci

    Joined:
    Jun 2, 2012
    Posts:
    5
    Indeed, George Foot, but I think destroy is the worse. The reason being we can destroy instantiations and put in checks so they don't initialize before we've checked and made sure the server made them. It is an annoying solution to a problem that shouldn't exist, but it is a solution. With Network.Destroy, damage is done instantly and is not even fixable.