- Home /
Security: Sending RPC to all clients
Is there anything stopping a malicious client from sending an RPC to all clients pretending to be the server?
Example: If you have an RPC method on a client that updates some game state, are all other clients able to call that or only the server? Is there any way to restrict it to only the server for an authoritative server?
There's not much built-in security, I'm afraid. Considering that malicious clients will have full access to access, manipulate, and call any IL code downloaded to their machine, it's exceptionally difficult to really lock things down. There have been plenty of forum threads about this, but I don't know that I have a link for a particularly good one. Here's the best I can drum up in a few seconds, but it's nothing world-shaking.