1

I'm creating a 2D MMORPG game (in an applet form) and I had a simple question.

I understand that for security purposes, as a general anti-hacking technique, the clients should contain as little logical data as possible (so it cannot be manipulated and exploited).

My question is this: Let's say I send data from a server to a client (which is happening quite frequently, one would presume). In my client code that received the packet, I parse said packet into its "chunks" and store that data logically in their accurate counterpart variables. Let's say that one of the variables stores the health of a player. Does that mean that this variable is practically unusable for calculations - in the sense that since it is a logical piece of data (and can therefore be manipulated, since it is stored on the client), and that the sole alternative is to read the packet containing the information pertaining to the health if I were to ever require the health amount?

Thank you for taking the time to read my question. -Bryan

VILLAIN bryan

2 Answers

1

I would say that it depends on which calculations you're using it for. For unimportant things, like UI display, you can safely use the local variable. If you're using it to determine whether the player is dead or not, then you need to let the server make that determination. You may be able to use the local variable temporarily, until the server is able to update the client, in high-latency situations; but the client's version should never be the canonical version.

To elaborate: use the local variable where the only person affected is the player, so it doesn't matter if they manipulate their own data. Rely on the server variable for all other situations.

Chris Hayes
  • Thanks Chris that's what I was thinking too. I'm in the current process of handling items a player has "equipped". Do you think this is the right approach?: 1) Server grants client an equippable item (monster loot lets say) 2) Client requests permission to equip item 3) If granted, that item-slot takes the item and nothing can be equipped until that item-slot is released 4) Server sends updated stats to the client, only "display" stats are used in client variables – VILLAIN bryan Jan 13 '13 at 16:54
  • Makes sense to me. I know a number of modern games take the approach of having all not-client-only input sent to the server and interpreted there, to avoid things like speed hacks that were common in early FPS games. A similar approach should work well here. – Chris Hayes Jan 13 '13 at 16:56
0

The way I would do it is to have the server perform its own calculations based on the actions performed on the client. The client can perform the same actions to give faster updates to the client, but the server should be the trusted determiner of what happened. This means you don't need so much interaction between the client and server to double check everything which happens.

Peter Lawrey
  • 1
    I am reminded of the quadruple damage buff in Quake, a much coveted item that lay on the ground, ready for the taking. When you ran across it, the client picked it up and happily announced "Quad!" through the speakers. The server then decided if you were, indeed, the first one to pick it up. If not, it negated the quad and your client added "denied." – flup Jan 14 '13 at 22:58
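
The server-authoritative flow the answers describe, combined with the four equip steps from the comments, as an added Java sketch that is not code from any poster in this thread. The class, the item model, the damage formula and the packet format are all hypothetical; the point is that the client only ever sends an item id and receives display values, while ownership, slot state and health live on the server.

```java
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Map;

// Added illustration; every name here is hypothetical, not taken from the thread.
public class AuthoritativePlayer {
    enum Slot { WEAPON, ARMOR }
    record Item(int id, Slot slot, int bonus) {}

    private int health = 100;                                  // canonical value, server-side only
    private final Map<Integer, Item> inventory = new HashMap<>(); // items the server handed out
    private final Map<Slot, Item> equipped = new EnumMap<>(Slot.class);

    // Step 1: the server grants loot and records that it did.
    void grant(Item item) { inventory.put(item.id(), item); }

    // Steps 2-3: the client supplies only an id; item data comes from server state.
    boolean requestEquip(int itemId) {
        Item item = inventory.get(itemId);
        if (item == null) return false;                      // never granted: reject
        if (equipped.containsKey(item.slot())) return false; // slot held until released
        equipped.put(item.slot(), item);
        return true;
    }

    void release(Slot slot) { equipped.remove(slot); }

    // Damage is resolved from server state; a client-reported health is never read.
    void applyDamage(int rawDamage) {
        Item armor = equipped.get(Slot.ARMOR);
        int reduction = (armor == null) ? 0 : armor.bonus();
        health = Math.max(0, health - Math.max(0, rawDamage - reduction));
    }

    boolean isDead() { return health == 0; }                 // decided by the server

    // Step 4: display-only snapshot sent to the client.
    String statsPacket() { return "HP=" + health + ";DEAD=" + isDead(); }

    public static void main(String[] args) {
        AuthoritativePlayer p = new AuthoritativePlayer();
        p.grant(new Item(7, Slot.ARMOR, 5));
        System.out.println(p.requestEquip(7));   // granted item, free slot
        System.out.println(p.requestEquip(99));  // id the server never granted
        p.applyDamage(30);
        System.out.println(p.statsPacket());
    }
}
```

The client may keep its own copy of the health value for the UI or for latency hiding, but it is overwritten by each `statsPacket()` and never sent back as an input.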