Wait for backend before accepting player
For example, let's say I ban a player. What if they authenticate out of my secure backend and authenticate into Normcore instead to connect with players? Their interaction would be limited, sure, but they could still communicate and cause chaos, especially if using exploits. Photon offers custom authentication for free, I dont see why Normcore cant offer at the very least a basic server to server interaction. Im aware Normcore offers this for the paid version. Also, even though your app ID is encrypted upon build, it's not impossible to decrypt. And once it's decrypted, rig spamming and other cheats are possible. Custom authentication fixes the issue because to do this, the player has to not be logged into the backend.
It seems to me that Normcore is extremely vulnerable to misuse on the free plan.
If there is a way, how can I go about preventing misuse? Ive been told about Oculus's server to server authentication, but that really doesnt matter if the cheaters ignore the backend entirely.
It seems to me that Normcore is extremely vulnerable to misuse on the free plan.
If there is a way, how can I go about preventing misuse? Ive been told about Oculus's server to server authentication, but that really doesnt matter if the cheaters ignore the backend entirely.
