ObjectMessageRequest's in MMO Room

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

Post Reply
User avatar
meanvel
Posts: 129
Joined: 19 Jan 2017, 14:06

ObjectMessageRequest's in MMO Room

Postby meanvel » 14 Apr 2017, 10:55

I have noticed that these sent from clientside override the AOI and goto all users in a MMO room.

Code: Select all

//sfs.send(new ObjectMessageRequest(sfsDataObj,currentRoom));//sfsObject Goes to all MMO room users, ignores AOI
sfs.send(new ExtensionRequest(SET_GHOSTING, sfsDataObj, currentRoom)); //sfsObject Goes through extension, then to MMO Api to local AOI


Have you thought of changing this to use the default AOI for MMO rooms? I'm not sure it makes sense to allow clients to send messages to an entire MMO room, and it presents a security issue for flooding attacks...

Eg, imagine a MMO room with thousands of users, and a hacker pushes out large object messages to try to lag the server.

A simple solution would be the ability to allow only AOI Restricted clientside communications in MMO rooms.
Top
User avatar
Lapo
Site Admin
Posts: 23026
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: ObjectMessageRequest's in MMO Room

Postby Lapo » 18 Apr 2017, 14:16

The ObjectMessage request is a bit of complicated beast when it comes to MMORooms so we are not supporting this specific request for now. You can easily replicate this functionality with the PublicMessage request, by passing the extra optional SFSObject parameter.

As regards the security concern you've raised I would recommend to disable ObjectMessageRequest from your Zone's Permission manager.

cheers
Lapo
--
gotoAndPlay()
...addicted to flash games
Top
Post Reply

Return to “SFS2X Questions”

Who is online

Users browsing this forum: No registered users and 54 guests