Any way to disable CloseConnection for master

Options
sunstar3d
sunstar3d
in Photon Unity Networking (PUN)
The issue I have is a hacked client is able to kick all the player out of the room.
I haven't found any way to prevent this or disable the functionality for the room.
Any help would be appreciated.

Comments

  • JohnTube
    JohnTube ✭✭✭✭✭
    Options
    Hi @sunstar3d,

    Thank you for choosing Photon!

    There is no way to disable it without changing client code.
    So I suggest you comment out or delete all code related to CloseConnection, change GameVersion / AppVersion and then release a new client update preferably force updates if you have that feature.
  • sunstar3d
    sunstar3d
    Options
    Hi John,
    Thank you for responding. My issue is the client is hacked to send the OpRaiseEvent(PunEvent.CloseConnection... My client doesn't ever call anything related to close connection. My concern is any hacker can just send the low level OpRaiseEvent and the server will just kick
    Whoever the hacker wants out. Nothing I do on the client side can prevent that if the server allows it.

  • [Deleted User]
    [Deleted User]
    Options
    Hi @sunstar3d,

    as @JohnTube already mentioned you can comment out all code related to the CloseConnection feature. This includes the handling of this certain event as well and is the most important part. Please have a look at the OnEvent function inside the NetworkingPeer class. In this function is a switch condition with a PunEvent.CloseConnection case. You can either remove or comment out the entire case or the code inside this case. This will remove the part of the CloseConnection feature, which is causing trouble in your specific case.
  • sunstar3d
    sunstar3d
    Options
    Hi Christian

    I will strip it of anything related to close connection. My concern is the hacker doesn't need to be using those functions and can just create the low level packet data itself and send it. Seems like a function to disable kick functionality from the server for this room would be the proper way to solve this. Seems like a big security hole where any player can take control of master and send closeconnection. This can be done to every app running on photon public cloud.
  • [Deleted User]
    [Deleted User]
    Options
    If you remove the related lines of code from the OnEvent handler, nothing will happen, if a client receives a PunEvent.CloseConnection event. You can have a look at this yourself: whenever a client receives an event, NetworkingPeer.OnEvent is called. Each default (or build-in) event is already implemented and gets processed if necessary. If you now remove a certain event case from the OnEvent handler, this event simply won't work anymore.

    Seems like a function to disable kick functionality from the server for this room would be the proper way to solve this.


    Since there is no possibility to kick a client server-side (at least not for this case), the idea behind CloseConnection is, to make a client call PhotonNetwork.LeaveRoom(false);. So you basically ask him to leave the room on his own and don't become inactive. In this case the server just forwards this certain message to the certain player (the one who should be removed from the game).

Cookies,
anyone?

We use cookies and related technologies to enhance your experience, show you personalised content and analyze performance and traffic on our website. By clicking on the „Accept All“ button you consent to the use of non-functional cookies and the subsequent processing of personal data to optimize our website and services as described in more detail in our Privacy and Cookie Policy.

By clicking on the „Customize or Deny all“ button you can decide otherwise. Clicking on the „Customize“ button will take you to a page where you can configure the usage of non-functional cookies (and related technologies) or deny all of them. You can access these settings at any time and also subsequently deselect cookies at any time in the footer area of our website.

ACCEPT ALL

Cookie Overview

We use the following categories of cookies and related technologies to enhance your experience, show you personalized content, and analyze performance and traffic on our website. We respect your right to privacy and accordingly you can chose to not allow some types of cookies (and related technologies). Click on the different category sliders and change our default settings to manage your cookie settings.

For more information on the specific cookies/related technologies we use and on how we use these, please see section 15 E. of our Privacy and Cookie Policy.

ABSOLUTELY NECESSARY

Authentication cookies we use are required to run our services … Cookies are required: Link

FUNCTIONAL AND MARKETING COOKIES

These cookies collect anonymous data and allow us to optimize our website and user experience. These cookies are listed here:

ANALYTICS

Help us to understand how visitors interact with our services, enables us to analyze and improve our services (also through third party analytics).