![]() ![]() When the player first plays your game, assign them a unique player id and let the client pull down encrypted JSON data from the server, this JSON data can contain anything from gameplay configuration to player data/in-game currency. Regarding data storage, stop storing stuff in playerprefs! This will make your server source code unavailable to hackers (that could have hacked it out of your client's source code), and prevent them from putting up their own hacked servers. I'd also suggest having the server code instance as a seperate build that is never distributed. While this does drastically increase server CPU load, at least your game is a lot safer from hackers and cheats. The server should resolve all physics/calculations etc and send the resulting transforms to the clients. In a multiplayer game the only thing that should ever be sent to the server is the player's input. ![]() Maybe instead of a "connected" variable they could find and hack, have a "receiving" variable on the clients so if a player is hacking, they stop receiving updates from that player who will effectively then be playing his own instance of the game and no longer annoying the other players.įully authoritative server is the way to go! But I feel like something simple might not cut it. Maybe do something like mass instantiate expensive prefabs like zombies and buildings infinitely on their client only so their game would crash. I have done pretty much nothing with networking but I would try to implement some kind of anti-hack trolling system that did terrible things to a user's machine if it could be proven beyond a reasonable doubt -like dealing 10x the maximum possible damage to another player- that they were hacking. surely there is a calculable maximum firing rate and damage that can be checked by clients that are being shot at by a hacker. Is there any way to have a peer / client server where position values and damage values are checked by the clients before they make the changes in their own game? 7 days to die has guns. The best answer is often some hybrid design specific to the project. But simply telling everybody to use authoritative servers is not always the right answer either, since a multiplayer game cannot get popular if it feels lagging and unresponsive when people try to play it. ![]() Simply using non-authoritative servers and hoping hackers will leave them alone won't work. So the developers either need to decide how they will get enough performance out of authoritative servers, or they need to figure out how they will implement some server side security for policing clients in a non-authoritative server environment. Generally speaking, authoritative servers are more secure than non-authoritative servers, but non-authoritative servers can offer better performance (less lag). The issue of authoritative servers vs non-authoritative servers should be addressed during the early design stages. At that point, it would require a huge rewrite to fix some of the poor coding/design practices in the games, so it the developers are usually stuck in a terrible bind. As soon as their multiplayer games get popular, the hackers focus on ways to cheat in their games. When people with very little server security experience try to build an amazing multiplayer game, they nearly always concentrate on features and gameplay instead of security. Security needs to be addresses in the earliest stages of development. One of the biggest problems with security is that nearly nobody cares about it until something bad happens, and by that time it requires a huge overhaul to fix the issues. You can read more about Authoritative Servers and some techniques here: ( meaning the servers didn't make the player move, but the client made it move, which is non-authoritative ) Imagine that in DayZ, some people were able to delete a file which contained the colliders of buildings ( or something similar ) and were able to go through every wall and structures in the game. Games like Rust, DayZ and many more allow users to perform actions they shouldn't be able to.Įven in Battlefield 4, which has dedicated servers only available to trusted companies, i've seen players with 100% damage and aim bots. Having a server that confirms that the actions of a player are correct and then the server itself performs those actions and only the server tells other clients what happened is mandatory. ![]() "hackers" in some way or another will eventually get access to the source code and be able to change anything they want. For multiplayer games, (Almost) Full Authoritative server is the way to go. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |