I’m sorry for this too broad and open question. I’m new to server programming and security and probably asked too soon. But huge thanks to you that you still gave some concrete stuff for me to chew on.
https://aws.amazon.com/gametech/make-it/ looks like a lot of useful reading.
In my case the game is not a shooter, but a deck builder/turn based strategy. So i think my game doesn’t have to handle the probably most difficult cheats like aimbots and lag related manipulations.
You wrote this in your reply for another question of mine in a different thread:
For mutliplayer, typically you don’t trust the client, they make requests to the server and it maintains state and decides if it should ‘honor’ the request.
My intial idea is that:
The beginning of each match the server would:
- validate the decks from each player and store it in server-side state,
- then generate a randomized list of them, and update clients with card lists with the first X visible cards for them.
After this when the current player performs an action with a unit, the client would send a request to the server and the server would:
- validate the request (whether a given action is issuable with the selected unit, does the current position and stats of selected unit match with the stored state on server, etc)
- if the request deemed valid:
- it updates server side state for current player
- modify server side state of the other player
- sends update to the client of the other player
Similarly in case of card draw(s), at the beginning of a new turn or during the given turn the client would send a request to the server and server would:
- validate request (like if current player can check/draw multiple cards in the queue, etc) if the request is valid then:
- update card queue and played card list on server side
- update hand list on client side
This is roughly the idea. With my current understanding, this solution has to be cheat proof. Of course i can easily be wrong, so any comment on pointing out missing key element or flaw in this design is highly appreciated.
Looking forward to that as well, thanks!