Tiel Posted December 31, 2016 Posted December 31, 2016 When you set up a multiplayer server, I understand there's a dissonance between what's on the server vs the client. Correct me if I'm wrong, but on connect, a client has objects in the game world 'ghosted' to them, is the word. Following that any game logic should be on the server.Because if you do, say function serverCmdassignproperty(%thing) { %thing.juice="tampa"; } A client attempting to access %thing.juice without calling a server command will not be able to retrieve the string "yes" and Torque throws a warning, at least in my tests.This seems safe enough...or is it? Are there any circumstances where a client would be able to get %thing.juice without invoking a commandtoserver? Is there anything that should be done further to ensure .juice stays out of the wrong hands? Quote
Azaezel Posted January 1, 2017 Posted January 1, 2017 Nah, security of that nature is built into the bones. Variable ghosting requires either https://github.com/GarageGames/Torque3D/blob/c83efa59e0a11fc15c68afaf106807643191ac6f/Engine/source/environment/basicClouds.cpp#L219 + https://github.com/GarageGames/Torque3D/blob/c83efa59e0a11fc15c68afaf106807643191ac6f/Engine/source/environment/basicClouds.cpp#L240or, as it looks like you're intending, an explicit commandtoclient("Foo",%var)+cliencmdFoo(%var) to retrieve data from a server. Anything you tack onto one side of the net connection on the fly stays on that side. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.