the best place to handle variables for security?

should clients handle their own variables and transmit it to the server or should the masterclient handlle those variables and let the client readonly those information like health,cooldown,points?

Comments

  • Hi @Cariaga,

    is this about hackers? If so, preventing hackers from cheating in your game is really difficult, and maybe impossible without any kind of server-side logic. Some options you have:

    The first one is, to trust all clients and let them handle their variables on their own. The advantage is, that it is relatively easy to implement. The disadvantage is, that every hacker can simply modify their values and furthermore 'destroy' the game experience for other users. In this case you would have to implement a Kick-System so that players can kick obvious hackers out of the room.

    The second option is what you already have mentioned: let the MasterClient handle all those values. The disadvantage is, that this requires more effort to implement and might also add some lag to the game. And while this looks (and maybe is) a bit safer than the first option, you would have to keep in mind, that also the MasterClient can be a hacker and get some unfair advantages above other players.

    The third option is to use custom server-side logic. The advantage in this case is, that this is most likely the most safest option to go with because you can check each modification made by the clients and correct them if necessary. The disadvantage is, that this again requires more work to implement and that you have to host the server yourself or use the Enterprise Cloud in order to inject custom server-side logic to the application flow.

    As a recommendation: go with the first option and see if you have problems with hackers at all when the game is live. You can still search for solutions, if there are that many hackers that the game gets literally unplayable.