Closed Marekkon5 closed 1 year ago
This check ensures a valid ConnectToken is only used in the server it was generated for, malicious users could use valid tokens in servers they are not supposed to enter. But, you are right, with insecure connections this check is not useful. There are 2 things that we could do:
disable_host_address_check
The first is probably easier
Right now the only way to check if NetcodeServer
is using secure connection is to check if connect_key
is all zeroed out.
Probably a good idea to add an enum that specifies what connection server is using. That enum can also hold connect_key
, as it's not used in unsecure connections.
Also, is public address even used when using unsecure connections? I checked through the code and it seems that it's only used in this host check. If so, I think it'll safe to move it to that connection type enum too.
If this sounds reasonable I can start working on this.
Done in #102, when choosing the unsecure option, the host check is disabled.
Hello, I don't really get the purprose of this check (in unsecure scenarios) and it makes testing, or connecting remotely + locally impossible.