Prohibition of creating rooms


Hello, I am using the construct 2-3. Photon seems like a cool solution to me. I'm trying to implement the logic of a client-server application.

On the client side, there will be only rendering. One of the clients will imitate the server. Only he will know what to do with the information received, who does how much damage. and will send information to the right participants. Connections will only be in one room.

The question arose that if someone hacks the client, and for fun they create millions of rooms that do nothing. How do I prevent alien rooms from appearing. How to allow only one "client" imitating a server to create rooms?


  • Aizark

    moreover, when hacking, you can limit the number of users in the room. I do not understand how to separate the rights of who and what can do

  • Tobias

    Photon Realtime is very client-driven. This has benefits but also drawbacks. There is no concept of roles built in so you can not really limit who is doing something.

    You could do the matchmaking (and room "assignment") externally via a custom http service (which knows your userIDs and roles, etc). This assigns room names to clients and allows them to create them as needed.

    The Photon server can be setup to call WebHooks when rooms are created and joined. This can call your backend and check if it allows the creation of rooms accordingly.

    Game logic can be done inside the server with Server Plugins. This would be custom logic running per room. It requires you to run a Photon Server or subscribe for an Enterprise Cloud, however, which is not feasible for all projects (due to cost).

    The WebHooks and a custom matchmaking should do the job without a plugin.