I’m modifying my gamemode to use “net” since the original codebase goes back a few years.
In some places, however, I use concommand.Add() and use that as a way of receiving simple one-off commands for (for example) creating an organization, etc.
At the moment, I have a whole load of checking on all of that stuff to ensure that someone can’t provide invalid parameters, etc.
My question is: If I change those concommands to being “net” library calls, will I still have to re-validate the ranges of the parameters (much in the same way as a website has to perform server side validation)? The function would be called directly from the UI, so the values would be set to certain things there anyway and it is not run by any other means (I hope!)
Basically, are clients able to dick around with net.SendToServer() so that it now sends anything they like while running on a server? I’m assuming that they can - but maybe gmod has some kind of security mechanism whereby this is not normally possible. I saw that scriptenforcer is old and doesn’t apply any more, but does anything actually replace it?
If it is true that they can mess around with it, is it possible to mess with the types so that a WriteUInt(x, 16) becomes a WriteUInt(x, 32) and things get unaligned and potentially get my server out of sync?
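A server-side receiver for the kind of one-off command described above, as an added example that is not part of the original post. The message name `org_create`, the limits, the `ORG_TYPES` table and the `CreateOrganization` stub are hypothetical. It treats every value read from the message as client-controlled, the same way a `concommand.Add()` handler treats its arguments.

```lua
-- Server-side GLua (added example; names and limits below are assumptions).
util.AddNetworkString("org_create")

local MAX_NAME_LEN  = 32
local ORG_TYPE_BITS = 4            -- the UI is expected to send net.WriteUInt(type, 4)
local ORG_TYPES     = { [1] = true, [2] = true, [3] = true } -- constructed sample values
local MAX_BITS      = 1024         -- coarse cap; a legitimate payload is far smaller
local COOLDOWN      = 2            -- seconds between accepted requests per player
local lastRequest   = setmetatable({}, { __mode = "k" }) -- weak keys: entries go with the player

-- Stand-in for the gamemode's real organization logic (hypothetical).
local function CreateOrganization(ply, name, orgType)
    print(("%s created org %q (type %d)"):format(ply:Nick(), name, orgType))
end

net.Receive("org_create", function(len, ply)
    -- 'ply' comes from the engine; never read the sender's identity from the payload.
    if not IsValid(ply) then return end

    -- Rate-limit so the message cannot be spammed outside the UI's normal flow.
    local now = CurTime()
    if (lastRequest[ply] or 0) + COOLDOWN > now then return end
    lastRequest[ply] = now

    -- 'len' is the message length in bits; drop oversized payloads before parsing.
    if len > MAX_BITS then return end

    -- The reads decode whatever bits arrived. If the sender wrote a different
    -- width than expected, the values in this one message are garbage, so each
    -- decoded value is range-checked before it is used.
    local name    = string.Trim(net.ReadString())
    local orgType = net.ReadUInt(ORG_TYPE_BITS)

    if #name < 3 or #name > MAX_NAME_LEN then return end
    if not name:match("^[%w _%-]+$") then return end   -- allow-list of characters
    if not ORG_TYPES[orgType] then return end           -- must be a known type

    CreateOrganization(ply, name, orgType)
end)
```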