Network.Instantiate and the Trusted Client problem
From what I've gathered from looking at the samples and reading the Unity documentation, the typical usage pattern for Network.Instantiate is for the server to create objects that it owns and replicate those to the clients, and for each client to create the player avatar that it owns and replicate that to the server.
The problem is that I don't see a way for the server to validate the client's Network.Instantiate call in order to determine that the requested prefab is available to that client and that the game is in a state where that prefab is valid.
There is the case of a compromised client which is spamming Network.Instantiate calls to the server to degrade the game for others or intentionally requesting prefabs that are inappropriate for the player.
I can build a networking system that doesn't make use of Network.Instantiate for my own game, but then is there a way for a server to prevent all incoming Network.Instantiate calls from being received and acted upon?
As far as I can tell, it's a problem which exists for all RPC calls, not just Network.Instantiate. Network.Instantiate isn't anything magical, it's just a shortcut for doing a common task. In fact, in a lot of cases using Network.Instantiate is undesirable because you might want a high-detail model to be instantiated for the local 'owner', and a low-detail one for all the others.
From what the documentation tells me, Network.InitializeSecurity() on the server goes a fair way to preventing certain attacks, but I'm not sure what its limitations are (since I've never really tested it).
InitializeSecurity will help, but it's not dealing with the problem from the ideal perspective. It's trying to stop someone from hacking the game by using encryption. I don't see how that will stop the typical "man-in-the-middle" proxy-based attack.
The difference between an RPC and a Network.Instantiate is that the RPC sends a function call to the server and it knows which client sent the request so the server can evaluate whether the action requested is appropriate. With a Network.Instantiate, I don't see any way for the server to verify that the client requested a valid prefab before instantiating it.
What I want is either for a Network.Instantiate call to call a function on the server when received, say NetworkInstantiateVerify, or else for it to be disabled entirely, so that only RPCs can be used for this purpose.
Any request a client can make that isn't trapped by the server is a potential security risk.
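The pattern both posters converge on (drop client-side Network.Instantiate, route every spawn through an RPC the server can inspect) looks like the following. This is an added example written for this page, not code from the thread, from Unity's samples, or from a Unity package, and it targets the legacy Network/NetworkView API the thread discusses, which later Unity versions removed. The `RequestSpawn` RPC plays the role of the `NetworkInstantiateVerify` hook the last post asks for: the server checks the sender's request rate, that the NetworkViewID really belongs to the sender, that the prefab is on a whitelist, and that the game state allows a spawn, and only then instructs peers to instantiate. `spawningOpen`, `clientSpawnablePrefabs`, the request limits and the one-avatar rule are assumptions for the example, not Unity API; the script is assumed to sit on a scene object that has a NetworkView on every peer.

```csharp
using System.Collections.Generic;
using UnityEngine;

// Added example: server-side spawn authority for Unity's legacy (RakNet-based) networking.
// Clients never call Network.Instantiate. They send a spawn request RPC; the server
// validates it (rate, view-ID ownership, prefab whitelist, game state) and only then
// tells the other peers to Instantiate locally under that NetworkViewID.
// 'clientSpawnablePrefabs', 'spawningOpen' and the limits below are assumptions
// for this example, set by your own match logic / inspector, not Unity API.
public class SpawnAuthority : MonoBehaviour
{
    public Transform[] clientSpawnablePrefabs;   // whitelist of prefabs a client may request
    public bool spawningOpen = false;            // assumed game-state flag (e.g. round in progress)

    const int MaxRequestsPerWindow = 5;          // assumed flood threshold
    const float WindowSeconds = 10f;

    class ClientState { public float windowStart; public int requests; public bool hasAvatar; }
    readonly Dictionary<NetworkPlayer, ClientState> clients = new Dictionary<NetworkPlayer, ClientState>();

    // ---- client side -------------------------------------------------------------
    // Ask the server for an avatar. The view ID comes from this client's own pool,
    // so the object that ends up spawned is client-owned, as with Network.Instantiate.
    public void RequestAvatar(string prefabName, Vector3 position)
    {
        NetworkViewID id = Network.AllocateViewID();
        GetComponent<NetworkView>().RPC("RequestSpawn", RPCMode.Server, prefabName, id, position);
    }

    // ---- server side -------------------------------------------------------------
    // This RPC is the verification hook: every client-originated spawn passes through it.
    [RPC]
    void RequestSpawn(string prefabName, NetworkViewID id, Vector3 position, NetworkMessageInfo info)
    {
        if (!Network.isServer) return;               // clients ignore forged "requests"
        NetworkPlayer sender = info.sender;          // identified by the transport, not by the payload

        ClientState st;
        if (!clients.TryGetValue(sender, out st))
        {
            st = new ClientState { windowStart = Time.time };
            clients[sender] = st;
        }

        // 1. Rate limit: a client spamming requests is disconnected rather than served.
        if (Time.time - st.windowStart > WindowSeconds) { st.windowStart = Time.time; st.requests = 0; }
        if (++st.requests > MaxRequestsPerWindow)
        {
            Debug.Log("Spawn flood from player " + sender + ", disconnecting");
            Network.CloseConnection(sender, true);
            return;
        }

        // 2. The view ID must be one the requester actually allocated (owner is set by the engine).
        if (id == NetworkViewID.unassigned || id.owner != sender) return;

        // 3. Only whitelisted prefabs, whatever name the client sends.
        Transform prefab = FindPrefab(prefabName);
        if (prefab == null) return;

        // 4. Game state: spawning must be open and each client gets exactly one avatar.
        if (!spawningOpen || st.hasAvatar) return;
        st.hasAvatar = true;

        // Approved: spawn on the server, then tell everyone else (buffered so late joiners get it).
        Spawn(prefab, id, position);
        GetComponent<NetworkView>().RPC("DoSpawn", RPCMode.OthersBuffered, prefabName, id, position);
    }

    // ---- every client ------------------------------------------------------------
    [RPC]
    void DoSpawn(string prefabName, NetworkViewID id, Vector3 position, NetworkMessageInfo info)
    {
        // Any client can emit an RPC named DoSpawn too, so accept it only from the server.
        // On a client, Network.connections holds exactly the server connection.
        if (Network.isServer) return;
        if (Network.connections.Length == 0 || info.sender != Network.connections[0]) return;
        Transform prefab = FindPrefab(prefabName);
        if (prefab == null) return;
        Spawn(prefab, id, position);
    }

    void Spawn(Transform prefab, NetworkViewID id, Vector3 position)
    {
        Transform clone = (Transform)Instantiate(prefab, position, Quaternion.identity);
        clone.GetComponent<NetworkView>().viewID = id;   // same ID on every peer = one networked object
    }

    Transform FindPrefab(string name)
    {
        foreach (Transform p in clientSpawnablePrefabs)
            if (p.name == name) return p;
        return null;
    }

    // Server callback: forget the client's state and buffered RPCs when it leaves.
    void OnPlayerDisconnected(NetworkPlayer player)
    {
        clients.Remove(player);
        Network.RemoveRPCs(player);
        Network.DestroyPlayerObjects(player);
    }
}
```

Two points are worth noting about the design. First, the server trusts only `info.sender`, which the transport fills in, and never anything inside the message: the prefab name is looked up against a whitelist and the view ID's `owner` is compared against the sender, so a client cannot spawn a prefab it should not have or claim an ID it did not allocate. Second, receivers also authenticate the `DoSpawn` RPC by sender, because nothing stops a modified client from sending an RPC of that name to everyone; an RPC that is only meaningful when the server sends it must be rejected when anyone else does. This does not give you a way to switch off incoming Network.Instantiate at the engine level, which is the question the thread leaves open; it avoids the problem by never having a code path in which a client-side Network.Instantiate is the mechanism.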