Obscuring dynamic field from client?

There are no stupid questions, just stupid answers.
3 posts Page 1 of 1
Posts: 25
Joined: Tue Mar 01, 2016 11:39 pm
by Tiel » Sat Dec 31, 2016 8:25 pm
When you set up a multiplayer server, I understand there's a dissonance between what's on the server vs the client. Correct me if I'm wrong, but on connect, a client has objects in the game world 'ghosted' to them, is the word. Following that any game logic should be on the server.

Because if you do, say
function serverCmdassignproperty(%thing)
A client attempting to access %thing.juice without calling a server command will not be able to retrieve the string "yes" and Torque throws a warning, at least in my tests.

This seems safe enough...or is it? Are there any circumstances where a client would be able to get %thing.juice without invoking a commandtoserver? Is there anything that should be done further to ensure .juice stays out of the wrong hands?
Posts: 497
Joined: Tue Feb 03, 2015 9:50 pm
by Azaezel » Sun Jan 01, 2017 4:36 pm
Nah, security of that nature is built into the bones. Variable ghosting requires either https://github.com/GarageGames/Torque3D ... s.cpp#L219 + https://github.com/GarageGames/Torque3D ... s.cpp#L240

or, as it looks like you're intending, an explicit commandtoclient("Foo",%var)+cliencmdFoo(%var) to retrieve data from a server. Anything you tack onto one side of the net connection on the fly stays on that side.
Posts: 25
Joined: Tue Mar 01, 2016 11:39 pm
by Tiel » Mon Jan 02, 2017 3:36 am
Awesome, much obliged.
3 posts Page 1 of 1

Who is online

Users browsing this forum: No registered users and 10 guests