Trust the Client? Best Practice

Hello,


I didn't find any information about this.

What about the thing "don't trust any client"? What about security?

For example, if the player has in-game money, and this value is synced after a trade (the value can go up or down), and this value is manipulated in memory before the sync to the database... What about these things?

Which mechanism is there to stop this cheating?


Cheers

Mike


Hey Mike,


You can make the server handle the transaction entirely. For example, when your player does the trade, the server should know how much to debit or credit to the player.


Another option is to verify values coming from the client on the server: if a value is higher than a max value, then you know that the player is trying to cheat.

Imagine your client is just a window to the server. Therefore when someone "gets money", really, the server is telling the client that they received money. The client should never tell the server what to do, they should only request, and it's the server's job to validate that the data passed in is authentic.


Example:

I walk over an item drop in-game. Rather than the client telling the server "Hey, I just got a new item!", the server tells the client "you have a new item".

If you didn't do it this way, a hacked client could just place 1,000 items all in a row, and the client would keep telling the server they got 1,000 of said item, when there was only supposed to be 1.


Hope this general concept makes sense.

To give you a real-world example of what I need to do in my real-time game:

In my game, there is an arena of, say 12x6. In the normal game, it takes the player about 3.5 seconds to travel from the bottom (0) to the top of the arena (5). However, because the client lets the server know where the player wants to be, I have to validate the current position, the desired position, and the elapsed time since last update. This is because if the client is hacked, and the player movement is sped up, they could potentially go from the bottom of the arena, to the top of the arena, in half a second. If the client told the server where they were, it would be easy, sure, but also a poor experience for other players. This is obviously undesirable. Therefore the server will keep track of the information, and to everyone else, it will still take them 3.5 seconds to travel, even if the client is hacked; this is because the server is like: "Well, I know where the current player is, and where he wants to be, but only 1 second has passed, so they should really only be less than a third of the way there."
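
The position and elapsed-time check described in the last post, sketched as an added example (not code from the thread or from any particular game backend). The names `PlayerState` and `apply_move_request`, straight-line movement at constant speed, and clamping an out-of-arena destination rather than rejecting it are assumptions.

```python
import math
from dataclasses import dataclass

ARENA_W, ARENA_H = 12, 6      # arena from the post: x in 0..11, y in 0..5
MAX_SPEED = 5 / 3.5           # bottom (0) to top (5) in about 3.5 seconds


@dataclass
class PlayerState:            # hypothetical server-side record
    x: float
    y: float
    last_update: float        # server clock, never a client-supplied time


def apply_move_request(state, want_x, want_y, server_now):
    """Move the player toward the requested point, limited by elapsed time.

    The client only requests a destination; the server decides how far the
    player actually got and returns the authoritative (x, y).
    """
    # Ignore requests whose coordinates are not finite numbers.
    for v in (want_x, want_y):
        if isinstance(v, bool) or not isinstance(v, (int, float)) or not math.isfinite(v):
            return state.x, state.y

    # Clamp the destination to the arena (assumption: clamp, not reject).
    want_x = min(max(want_x, 0), ARENA_W - 1)
    want_y = min(max(want_y, 0), ARENA_H - 1)

    elapsed = max(0.0, server_now - state.last_update)
    budget = MAX_SPEED * elapsed      # farthest the player can have travelled
    dx, dy = want_x - state.x, want_y - state.y
    dist = math.hypot(dx, dy)

    if dist <= budget:
        state.x, state.y = want_x, want_y
    else:
        # Too far for the time that passed: advance only as far as allowed.
        state.x += dx * budget / dist
        state.y += dy * budget / dist
    # Never let the stored time run backwards, or later requests gain budget.
    state.last_update = max(state.last_update, server_now)
    return state.x, state.y


if __name__ == "__main__":
    # Constructed scenario: a sped-up client asks for the top row after 0.5 s.
    p = PlayerState(x=0, y=0, last_update=100.0)
    print(apply_move_request(p, 0, 5, server_now=100.5))
```

Other players are sent the returned position, so a sped-up client gains nothing: the destination is a request, and the time budget comes from the server's own clock.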
