I am trying to build a networking game with an authoritative server.
The problem is currently, I don’t see how you could avoid client from instantiating object and calling RPCs. So any client can basically screw up the server and the other clients without any restriction.
Is there a solution? Is it normal that we have nothing to avoid this while all communications are supposed to pass by the server anyway?
In the RPC check whether you are the server or the client.
In calls where it is only the server who should be allowed to operate, simply return if the code is running on the client:
[RPC]
public void myServerOnlyMethod()
{
if (isServer())
{
//do a server only thing
}
}
[RPC]
public void myClientOnlyMethod()
{
if (isClient())
{
//do a client only thing
}
}