I am evaluating SFS2X and have couple of questions regarding room creation.
I understand that I can create rooms server side or client side. Maybe I don't completely understand it, but I have several security issues.
I don't really see a reason why some user couldn't create his own client which would keep creating rooms. I understand there is a "maximum rooms per user" setting for the zone, but I still see some issues (if he creates his own client to create rooms):
1) user could create room without setting extension (or sends wrong data for extension). So, if user sends request from client to create a room, is there a way to manually set extension to that room on server after room is created.
2) Is there a way to completely prevent room creation from client?
3) Is there a way to have some server side checking whether to allow creation of certain room before it is created from client? For example if I don't like the name of the room, then I reject room creation.
goran
Rooms creation and extensions
Re: Rooms creation and extensions
Hello,
There is a limit of Rooms that a single client can create, so spamming is not a possibility.
I am not sure I understand. In any case a client will always be limited to create X number of concurrent Rooms, which could be even 1, if that's what you need.
If you don't want your clients to be able to ever create a Room you can change your sever's permission to deny the CreateRoom request from client side. This is done from the AdminTool > Zone Configurator > Privilege Manager.
More on this here: http://docs2x.smartfoxserver.com/Advanc ... ge-manager
No, the Extension must be set at creation time.
If you need special logic to setup your Extension I would recommend to create your own custom Extension command that the client can invoke and that will create the Room for the player(s).
Yes, as mentioned above.
I'd recommend the strategy explained at point #1. Make your own "create room" command on the server side, and call it from your clients.
Hope it helps
I don't really see a reason why some user couldn't create his own client which would keep creating rooms.
There is a limit of Rooms that a single client can create, so spamming is not a possibility.
I understand there is a "maximum rooms per user" setting for the zone, but I still see some issues (if he creates his own client to create rooms):
I am not sure I understand. In any case a client will always be limited to create X number of concurrent Rooms, which could be even 1, if that's what you need.
If you don't want your clients to be able to ever create a Room you can change your sever's permission to deny the CreateRoom request from client side. This is done from the AdminTool > Zone Configurator > Privilege Manager.
More on this here: http://docs2x.smartfoxserver.com/Advanc ... ge-manager
1) user could create room without setting extension (or sends wrong data for extension). So, if user sends request from client to create a room, is there a way to manually set extension to that room on server after room is created.
No, the Extension must be set at creation time.
If you need special logic to setup your Extension I would recommend to create your own custom Extension command that the client can invoke and that will create the Room for the player(s).
2) Is there a way to completely prevent room creation from client?
Yes, as mentioned above.
3) Is there a way to have some server side checking whether to allow creation of certain room before it is created from client? For example if I don't like the name of the room, then I reject room creation.
I'd recommend the strategy explained at point #1. Make your own "create room" command on the server side, and call it from your clients.
Hope it helps
Re: Rooms creation and extensions
Thanks for reply. Yes, I went the route of sending command from client and creating rooms on the server.
"I am not sure I understand. In any case a client will always be limited to create X number of concurrent Rooms, which could be even 1, if that's what you need."
What I wanted to say is that the way I understand user can create/write his own client and start creating rooms in my zone. All he needs is to know IP and port of the server and name of the zone and he could create rooms in the zone which would not be attached to correct extension. Users would join the room, but game would not play, since extension is not attached to the room. Is that correct?
So, for me it would be better to totally prevent creation of rooms from client (with the setting you mentioned), which I will do.
"I am not sure I understand. In any case a client will always be limited to create X number of concurrent Rooms, which could be even 1, if that's what you need."
What I wanted to say is that the way I understand user can create/write his own client and start creating rooms in my zone. All he needs is to know IP and port of the server and name of the zone and he could create rooms in the zone which would not be attached to correct extension. Users would join the room, but game would not play, since extension is not attached to the room. Is that correct?
So, for me it would be better to totally prevent creation of rooms from client (with the setting you mentioned), which I will do.