Handling Security Issues

Spyridon
edited August 2011 in Photon Server
There are some common situations that I can think of that could be exploited and I am not sure how to handle them to maintain security. To make things easy to understand let's assume the game is a FPS-style game.

1) How is prevention or detection of movement hacks/speed hacks implemented?

2) Time-out or cooldown between attacks - Does this need to be implemented server side to maintain security?

3) How could one prevent "Clipping hacks" allowing players to clip thru walls?

4) How is projectile collision with NPC's/PC's/Walls handled?

5) How is NPC AI/NPC Collision with walls handled by a server?

As you can see the last 3 questions are all related to the server being aware of collision boxes/spheres, so I suspect they may all share the same solution.

Comments

  • dreamora
    1) don't allow clients to send positions, then they can't fuck it up. Send the input states from client -> server, let the server simulate it and send the result back.
    The moment the client simulates it (as it was the case even in WoW), there will always be ways to hack it, potentially not on such a large scale as on WoW but still a little, cause if the client simulates it you would verify on the server if the position change is possible and if not reset them and potentially mark them as potential cheaters

    2) definitely server side, client only requests that it happens

    3) you can't. The only thing you can do is try to track programs that hack at runtime and enforce an asset update for anything that's changed at the start (auto update) and mark them on the server then as potential cheaters to send a GM after them if it happens multiple times.

    4) physics simulation server

    5) the same or as part of the simple ai calculation where you use a nav mesh which removes "collision" from the plan basically
  • Thanks for the response. A couple questions raised from the response...

    1) Is that possible to do without visible lag to the players?

    4) Any resources that could provide more insight on physics simulation? Would I just be programming the basic physics simulation in to the server code or would I need a separate application solely for handling that?

    5) I know what a nav mesh is theoretically, but I'm not sure where I would start to be able to create one between Unity and Photon?
  • dreamora
    1) Client side prediction yes, in an MMO even more so than in a real FPS as you will never get the same low latency, high action rate (or your server farm will cost you an ass off as you won't get further than 40-50 players per core due to the calculations for world, player, AI, collision, networking)

    4) I personally would do it with headless clients of the engine technology you use which are connected to photon.
    Don't think there is a physics simulation library left for .NET but you might be able to find others here working on such a wrapper of some kind.

    5) you would create it in unity, export the nav mesh data and deploy it to the server where the AI code would load it for path calculation etc
  • Thanks again for the quick responses!

    Interesting, I didn't know Unity was able to run in headless mode until looking it up after your suggestion. I'm going to brainstorm a bit and see what kind of design I can think of with a headless client.

    Might it be a good idea to handle AI on the headless client as well? Or would it be more optimal for performance to handle that separately?
  • dreamora
    you could handle it in Unity, the main point speaking against it is basically the hurdles / headache from trying to get the AI threaded without killing the engine and without leading to unmaintainable code, as threading is desirable normally. But it depends on how much load a single node will have to cover
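
An added example, not part of the original thread and not Photon API code: a sketch of points 1) and 2) from the first reply, where the client sends only input states and fire requests and the server integrates movement and enforces the cooldown on its own clock. `InputCommand`, `ServerPlayer`, `MaxSpeed` and `FireCooldown` are hypothetical names and values; collision against level geometry is left out.

```csharp
using System;

// Hypothetical message: the client reports what it pressed, never where it is.
public struct InputCommand
{
    public float MoveX, MoveZ;  // desired direction, untrusted
    public bool Fire;           // a request, not a result
}

public sealed class ServerPlayer
{
    const float MaxSpeed = 6f;        // units per second (assumed game constant)
    const double FireCooldown = 0.5;  // seconds (assumed weapon constant)

    public float X, Z;                // authoritative position, only ever set here
    public int RejectedFires;         // evidence for flagging an account, not proof
    double nextFireAt;

    // Called once per fixed server tick; dt and now come from the server clock only.
    public bool Apply(InputCommand cmd, float dt, double now)
    {
        float x = cmd.MoveX, z = cmd.MoveZ;
        if (float.IsNaN(x) || float.IsInfinity(x) ||
            float.IsNaN(z) || float.IsInfinity(z)) { x = 0f; z = 0f; }
        float len = (float)Math.Sqrt(x * x + z * z);
        if (len > 1f) { x /= len; z /= len; }  // oversized input cannot buy speed
        X += x * MaxSpeed * dt;
        Z += z * MaxSpeed * dt;

        if (!cmd.Fire) return false;
        if (now < nextFireAt) { RejectedFires++; return false; }
        nextFireAt = now + FireCooldown;
        return true;                           // caller spawns the projectile server side
    }
}

public static class Demo
{
    public static void Main()
    {
        var p = new ServerPlayer();
        // Constructed input: a tampered client sends a 50x direction vector and fires every tick.
        for (int tick = 0; tick < 20; tick++)
            p.Apply(new InputCommand { MoveX = 50f, MoveZ = 0f, Fire = true }, 0.05f, tick * 0.05);
        Console.WriteLine($"x={p.X:F2} rejectedFires={p.RejectedFires}");
    }
}
```

The client can still run the same integration locally for prediction, as the second reply suggests, and snap to the server's position when the two disagree.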