I have seen a lot of people criticize scripts for networking being insecure. I was wondering if anyone knows about a guide that covers this. Thanks.
No one should really need a guide, simply make a check once it is received on the server.
In which way being insecure?
Of course you need to check, on the server side, for manipulated information (like in every script or programming language).
net.Receive( "bla", function( _, ply )
here you have the ply. check that he isn't spamming it, if it's for example a shop check that he's in range, check that he's alive etc.
if it's some sort of currency, check that he has that amount (basically so you don't just rely on a button being clickable clientside if he can afford it)
it's not some one way thing, it's just putting checks in place to ensure that the player can't do anything that isn't supposed to be doable. like buying from a shop while being far away, using skill points that he doesn't have, etc
Just remember anyone can tell the server anything they want whenever they want. It's all you need to know.
When it comes to networking, on the server the second argument to net.Receive functions (ply) is the ONLY thing a player can't control.
The above, basically. I'll repeat it anyway, but in a slightly different way.
Don't trust anything coming to your server from the client.
The code running on the server needs to check that the client is allowed (according to the rules of your game) to do the thing that they are doing.
1) "Authentication" - This part is easy - you know /who/ the player is because they sent you the message.
2) "Authorization" - This is the "what". What is this player trying to do? Is it correct that they should be able to do that thing? Check that with your code, on the server, before actually going ahead and doing (in code) the thing that the player's message was sent to do.
That's it.
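The checks described in the replies above, put together in one server-side receiver. This is an added example, not code from any poster in the thread; the message name `shop_buy`, the `npc_shop` class, the `ITEMS` table, the `ShopMoney` and `NextShopBuy` fields and the limits are all assumed for illustration.

```lua
-- Server-side file. Message name, entity class, ITEMS, the ShopMoney /
-- NextShopBuy fields and both limits are assumptions made for this example.
util.AddNetworkString( "shop_buy" )

local ITEMS = { -- constructed sample catalogue, lives only on the server
    [1] = { class = "weapon_pistol", price = 100 },
    [2] = { class = "weapon_smg1",   price = 400 },
}
local MAX_DIST_SQR = 150 * 150 -- maximum distance to the shop entity, squared
local COOLDOWN     = 0.5       -- seconds between accepted requests per player

net.Receive( "shop_buy", function( len, ply )
    -- ply is supplied by the engine, not by the message body:
    -- it is the only value in this function the client does not control.
    if not IsValid( ply ) or not ply:Alive() then return end

    -- Spam check: drop requests that arrive faster than the cooldown.
    local now = CurTime()
    if ( ply.NextShopBuy or 0 ) > now then return end
    ply.NextShopBuy = now + COOLDOWN

    -- Everything read from the message is client-controlled.
    local shop   = net.ReadEntity()
    local itemId = net.ReadUInt( 8 )

    -- The entity must really be a shop, and the player must be near it.
    if not IsValid( shop ) or shop:GetClass() ~= "npc_shop" then return end
    if ply:GetPos():DistToSqr( shop:GetPos() ) > MAX_DIST_SQR then return end

    -- The item must exist in the server's table. The price is looked up
    -- here and never read from the message.
    local item = ITEMS[ itemId ]
    if not item then return end

    -- Currency check against the server's own record of the balance.
    local money = ply.ShopMoney or 0
    if money < item.price then return end

    -- All checks passed: only now perform the action.
    ply.ShopMoney = money - item.price
    ply:Give( item.class )
end )
```

The client only ever sends "which shop" and "which item"; the price, the balance and the decision all stay on the server.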