User rights? Limiting who can create a room? Is this hacker paradise?

This may seem like a dumb question but, I noticed that every user who connects to my Photon network seems to have the right to create rooms. They can also set all the settings for any rooms they create, including making the room visible to the lobby. I want only "official" rooms to... exist. Or in the very least, only official rooms to be visible in the lobby. Official rooms would be the ones created be me or some kind of "admin".

Furthermore I noticed from the "demo-loadbalancing-unity" demo, that any player who joins any room can change any and all of the room's custom properties, even if they didn't create the room. Seems like hacker paradise.

Please tell me I'm not the first person to think of this.

If the answer is: use Photon server, I'm going to be flabbergasted. You mean to tell me that I can't even stop a user from creating 10,000 rooms, or injecting profanity into every custom property of every room (including rooms they didn't create), except that I must NOT use the cloud, and must host my own server?

If that's the case, someone could go to the "showcase" page where photon lists all the games made by every company, and systematically hack them all so hard that they all have to shut down, close their doors, and go home, and cry like babies.

Please tell me I'm wrong...

Comments

  • Pasting in reply from ticket (if you post on the forum and also send the exact same thing to our support, please state this in your messages, thanks):

    yes, in general you are right - properties have no ownership as of now.

    Clients can/should be authenticated
    - You could use plugins (server side room logic) to implement this (only in Enterprise cloud)
    - We work on custom server logic in the public cloud ( LUA) (no ETA)
    - We may integrate owner/master properties in the future (no ETA)
    - There are always plenty of ways to hack destroy games. No matter how hard you safeguard - e.g. DDoS.