Why is datastream so horrible, is it just less efficient? And, if so, how can I use concommands without allowing players to use the command. Does the handler or the command need a check to see if the player is trying to execute it? Or is there a special concommand type that can only be executed through code. ( I use datastream to give players a gun, with a certain amount of ammo through their client script through a derma menu. I don’t want the player to be able to use a concommand to bypass my points system, and I don’t know how to stop them with concommands!!!)
Thanks, I want to use the best method, but I spent much too long trying to do this with concommands, and I finnaly gave up about a week ago, then discovered datastream.
If you’re using datastream, there is nothing stopping a client from sending data by itself (this is analogous to just manually running a concommand).
If you expect some sort of security with datastream, you’re misunderstanding the concept.
You need to validate the actions taken by the client on the server.
For example, say you have a store NPC which runs the concommand “open_store” when you press use on it.
On the server side of things, you must check if the client is close enough to this NPC, has privileges to access it, is alive, etc.
This is no different than having datastream handle this. You still need to perform the same validation.
This is a fatal mistake. There is no security by simply using datastream. I could create my own client side script to perform the same actions yours does, and give myself more ammo than normally possible. (Assuming that you’re really not doing any checks. Shame on you.)
The server must always validate the client action for both systems.
That, and for server to client stuff it sends the data in three separate usermessages. That makes it much slower. The average usermessage takes about 0.1 to 0.3 seconds to make it to the client depending on the data being sent. Multiply by three and try to send a table via datastream, transfers could take up to a whole second or more. Taking that long for things such as network synchronization is generally a bad thing.